CVE-2025-11372

6.5 MEDIUM

📋 TL;DR

This vulnerability in the LearnPress WordPress LMS plugin allows unauthenticated attackers to perform destructive database operations via REST API endpoints. Attackers can drop indexes on any table (including WordPress core tables), create duplicate configuration entries, and degrade site performance. All WordPress sites using LearnPress versions up to 4.2.9.2 are affected.

💻 Affected Systems

Products:
  • LearnPress - WordPress LMS Plugin
Versions: All versions up to and including 4.2.9.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with LearnPress plugin enabled are vulnerable by default. No special configuration required.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete site compromise through database corruption, loss of critical WordPress configuration data, and permanent site unavailability requiring full database restoration.

🟠 Likely Case

Site performance degradation through index removal, configuration corruption causing plugin/WordPress malfunctions, and potential data integrity issues.

🟢 If Mitigated

No impact if proper authentication and authorization controls are in place to restrict access to admin tools endpoints.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending HTTP requests to specific REST endpoints but no authentication is needed. Attackers need to know table names, which can be discovered through WordPress conventions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 4.2.9.2

Vendor Advisory: https://github.com/LearnPress/learnpress/commit/cf940a437539a803e49136bdff7a53e1f2b2ca44

Restart Required: No

Instructions:

  1. Log into the WordPress admin dashboard.
  2. Navigate to Plugins > Installed Plugins.
  3. Find the LearnPress plugin.
  4. Click 'Update Now' if an update is available.
  5. If no update is available, download the latest version from WordPress.org and update manually.

🔧 Temporary Workarounds

Block vulnerable REST endpoints

Apache

Use a web application firewall or an .htaccess rule to block access to the vulnerable /wp-json/lp/v1/admin/tools/ endpoints

# Add to the .htaccess in the WordPress root (the directory that holds wp-json routing).
# In per-directory context the pattern is matched without the leading slash,
# so ^wp-json/... is correct here. [F] returns 403 for anything under the tools endpoints.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule ^wp-json/lp/v1/admin/tools/ - [F,L]
</IfModule>

Disable LearnPress plugin

WordPress CLI

Temporarily disable the LearnPress plugin until patched

wp plugin deactivate learnpress

🧯 If You Can't Patch

  • Implement strict network access controls to block external access to /wp-json/lp/v1/admin/tools/ endpoints
  • Enable database backup automation and monitor for unexpected index drops or configuration changes

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin dashboard > Plugins > LearnPress. If version is 4.2.9.2 or lower, you are vulnerable.

Check Version:

wp plugin get learnpress --field=version

Verify Fix Applied:

After updating, verify LearnPress version is higher than 4.2.9.2. Test that /wp-json/lp/v1/admin/tools/create-indexs endpoint returns proper authentication error when accessed without admin privileges.

📡 Detection & Monitoring

Log Indicators:

  • HTTP 200 responses to POST /wp-json/lp/v1/admin/tools/create-indexs from unauthenticated IPs
  • Database logs showing unexpected DROP INDEX or CREATE INDEX operations

Network Indicators:

  • POST requests to /wp-json/lp/v1/admin/tools/* endpoints from external IPs without authentication headers

SIEM Query:

source="web_server" AND (uri_path="/wp-json/lp/v1/admin/tools/create-indexs" OR uri_path="/wp-json/lp/v1/admin/tools/*") AND http_method="POST" AND NOT (user_agent contains "wp-admin" OR http_referer contains "wp-admin")
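The log indicator above, applied to web server access logs as an added example that is not part of this advisory: it parses combined-format lines, flags successful POSTs under /wp-json/lp/v1/admin/tools/ that do not carry a wp-admin referer or user agent (the same heuristic as the SIEM query, and equally spoofable), and counts hits per source IP. The sample log lines are constructed; the regex and function names are this example's own.

```python
import re
from collections import Counter

# Apache/nginx "combined" access log format (constructed regex, not from the advisory).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoint prefix named in the advisory's workaround and detection sections.
TOOLS_PREFIX = "/wp-json/lp/v1/admin/tools/"

def parse_line(line):
    """Return a dict of fields for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(rec):
    """Match the advisory's log indicator: a POST to an admin tools endpoint that
    succeeded (2xx) and does not look like it came from a logged-in wp-admin session.
    Referer and user agent are attacker-controlled, so treat a hit as a lead, not proof."""
    if rec is None or rec["method"] != "POST":
        return False
    path = rec["path"].split("?", 1)[0]
    if not path.startswith(TOOLS_PREFIX) or not rec["status"].startswith("2"):
        return False
    return "wp-admin" not in rec["referer"] and "wp-admin" not in rec["ua"]

def scan(lines):
    """Return (list of suspicious records, Counter of hits per source IP)."""
    hits = [r for r in map(parse_line, lines) if is_suspicious(r)]
    return hits, Counter(h["ip"] for h in hits)

# Constructed sample access-log lines for a stand-alone run (RFC 5737 test addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2025:10:01:02 +0000] "POST /wp-json/lp/v1/admin/tools/create-indexs HTTP/1.1" 200 58 "-" "python-requests/2.31"',
    '203.0.113.9 - - [12/Oct/2025:10:01:05 +0000] "POST /wp-json/lp/v1/admin/tools/create-indexs HTTP/1.1" 401 93 "-" "curl/8.4.0"',
    '192.0.2.10 - - [12/Oct/2025:10:02:11 +0000] "POST /wp-json/lp/v1/admin/tools/create-indexs HTTP/1.1" 200 58 "https://shop.example/wp-admin/admin.php?page=learn-press-tools" "Mozilla/5.0"',
    '192.0.2.11 - - [12/Oct/2025:10:03:00 +0000] "GET /wp-json/lp/v1/courses HTTP/1.1" 200 1422 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, by_ip = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["ip"]} {h["method"]} {h["path"]} -> {h["status"]} ua={h["ua"]!r}')
    print("sources:", dict(by_ip))
```

Only the first sample line is reported: the 401 shows the endpoint refusing the request, and the third line carries a wp-admin referer consistent with a legitimate admin running the tool.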
