CVE-2025-14798

5.3 MEDIUM

📋 TL;DR

The LearnPress WordPress plugin up to version 4.3.2.4 has an API endpoint that doesn't properly check user permissions, allowing unauthenticated attackers to access sensitive user data including names, social profiles, and enrollment information. This affects all WordPress sites using vulnerable LearnPress versions. The vulnerability stems from improper access control in the REST API.

💻 Affected Systems

Products:
  • LearnPress - WordPress LMS Plugin
Versions: Up to and including 4.3.2.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with LearnPress plugin enabled. No special configuration required.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Mass extraction of user PII including full names, social media profiles, and course enrollment data leading to privacy violations, targeted phishing campaigns, and potential regulatory compliance issues.

🟠 Likely Case

Unauthenticated attackers harvesting user names and basic profile information for spam, reconnaissance, or social engineering attacks.

🟢 If Mitigated

Limited exposure of non-critical user data if proper network controls and monitoring are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to the vulnerable REST API endpoint can extract data without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.2.5 or later

Vendor Advisory: https://wordpress.org/plugins/learnpress/#developers

Restart Required: No

Instructions:

  1. Log into the WordPress admin panel.
  2. Navigate to Plugins → Installed Plugins.
  3. Find LearnPress and click 'Update Now'.
  4. Verify the update to version 4.3.2.5 or higher.

🔧 Temporary Workarounds

Disable LearnPress REST API endpoint

all

Temporarily disable the vulnerable REST API endpoint via WordPress filter

Add to the theme's functions.php or a custom plugin:

add_filter('rest_endpoints', function ($endpoints) {
    // Remove the route so WordPress no longer has a handler registered for it.
    unset($endpoints['/learnpress/v1/users']);
    return $endpoints;
});

Block API access via web server

all

Block access to the vulnerable endpoint at web server level

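For Apache (mod_rewrite; in .htaccess, place the rule above the WordPress rewrite block): RewriteRule ^/?wp-json/learnpress/v1/users - [F,L]
For Nginx: location ~* ^/wp-json/learnpress/v1/users { return 403; }

The optional leading slash in the Apache pattern lets it match both in .htaccess, where mod_rewrite strips the leading slash from the path, and in the server or virtual-host configuration, where it does not.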

🧯 If You Can't Patch

  • Disable the LearnPress plugin entirely until patched
  • Implement WAF rules to block requests to /wp-json/learnpress/v1/users endpoint

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → LearnPress version. If the version is ≤ 4.3.2.4, the site is vulnerable. Test with:

curl -X GET 'https://yoursite.com/wp-json/learnpress/v1/users'

If the request returns user data without authentication, the site is vulnerable.

Check Version:

wp plugin list --name=learnpress --field=version (WP-CLI) or check WordPress admin plugins page

Verify Fix Applied:

After the update, the same curl command should return an authentication error or an empty response. Verify that the LearnPress version is ≥ 4.3.2.5.

📡 Detection & Monitoring

Log Indicators:

  • Multiple GET requests to /wp-json/learnpress/v1/users from unauthenticated IPs
  • Unusual spike in requests to WordPress REST API

Network Indicators:

  • HTTP GET requests to /wp-json/learnpress/v1/users endpoint without authentication headers

SIEM Query:

source="web_server" AND (uri_path="/wp-json/learnpress/v1/users" OR uri_path LIKE "/wp-json/learnpress/v1/users/%") AND http_method="GET" AND NOT (http_user_agent LIKE "%bot%" OR http_user_agent LIKE "%crawl%")
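
The log indicators above, applied to web server access logs as an added example (not part of the original advisory or of LearnPress). It assumes Combined Log Format, uses constructed sample lines, and treats the per-IP threshold of 3 as a tuning value to adjust. Because this log format does not record whether a request carried WordPress credentials, every GET to the route is counted.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
ROUTE = "/learnpress/v1/users"  # REST route named in the advisory

def rest_route(target):
    """Return the lower-cased REST route a request target addresses, or None."""
    parts = urlsplit(re.sub(r"^/+", "/", target))
    path = re.sub(r"/{2,}", "/", parts.path).lower()
    if path.startswith("/wp-json/"):
        return path[len("/wp-json"):].rstrip("/")
    # WordPress also takes the route from the rest_route query parameter.
    values = parse_qs(parts.query).get("rest_route")
    return values[0].lower().rstrip("/") if values else None

def hits(lines):
    """Yield (ip, status) for each GET to the users route or a sub-path."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        route = rest_route(m["target"])
        if route and (route == ROUTE or route.startswith(ROUTE + "/")):
            yield m["ip"], int(m["status"])

def summarize(lines, threshold=3):
    """Count hits per client IP; threshold is an assumed tuning value."""
    total, ok = Counter(), Counter()
    for ip, status in hits(lines):
        total[ip] += 1
        ok[ip] += status == 200  # answered rather than rejected
    return {ip: {"requests": n, "http_200": ok[ip], "flagged": n >= threshold}
            for ip, n in total.items()}

SAMPLE = [  # constructed log lines using documentation IP ranges
    '203.0.113.7 - - [10/Jan/2026:10:00:01 +0000] "GET /wp-json/learnpress/v1/users HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Jan/2026:10:00:02 +0000] "GET /wp-json/learnpress/v1/users/ HTTP/1.1" 200 5120 "-" "curl/8.5.0"',
    '203.0.113.7 - - [10/Jan/2026:10:00:03 +0000] "GET /wp-json/learnpress/v1/users/12 HTTP/1.1" 200 640 "-" "curl/8.5.0"',
    '198.51.100.4 - - [10/Jan/2026:10:02:00 +0000] "GET /index.php?rest_route=/learnpress/v1/users HTTP/1.1" 403 150 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2026:10:03:00 +0000] "GET /wp-json/learnpress/v1/courses HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Jan/2026:10:03:05 +0000] "POST /wp-json/learnpress/v1/users HTTP/1.1" 401 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high http_200 count for a flagged IP on a site still running 4.3.2.4 or earlier is the case to triage first; after the update or a web server block, the same requests should show up with error statuses instead.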
