CVE-2025-14802
📋 TL;DR
This vulnerability in the LearnPress WordPress plugin allows authenticated attackers with teacher-level access to delete arbitrary lesson material files uploaded by other teachers. It affects versions up to and including 4.3.2.2 due to a parameter mismatch in the REST API authorization check. WordPress sites using vulnerable LearnPress versions are affected.
💻 Affected Systems
- LearnPress - WordPress LMS Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious teachers could delete all lesson materials, disrupting course delivery and potentially causing data loss if backups are unavailable.
Likely Case
Teachers deleting materials from other teachers' courses, causing minor to moderate disruption in multi-teacher environments.
If Mitigated
No impact if patched or proper access controls prevent teacher-level exploitation.
🎯 Exploit Status
Exploitation requires teacher-level credentials and knowledge of target file IDs, but the vulnerability is straightforward to exploit once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.3.2.3
Vendor Advisory: https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.3/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L403
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the LearnPress plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 4.3.2.3 or later from WordPress.org and update manually.
🔧 Temporary Workarounds
Disable vulnerable REST endpoint
Remove or restrict access to the /wp-json/lp/v1/material/{file_id} DELETE endpoint
Add to theme's functions.php or custom plugin: remove_action('rest_api_init', 'register_lp_rest_material_routes');
Restrict teacher file deletion permissions
Modify user roles to prevent teachers from deleting materials via custom capability management
Use WordPress role editor plugin or add custom code to remove 'delete_lp_material' capability from teacher role
🧯 If You Can't Patch
- Restrict teacher account creation and review existing teacher accounts for suspicious activity.
- Implement file integrity monitoring for lesson materials and maintain regular backups.
🔍 How to Verify
Check if Vulnerable:
Check LearnPress plugin version in WordPress admin under Plugins → Installed Plugins. If version is 4.3.2.2 or lower, you are vulnerable.
Check Version:
WordPress: In the admin panel, go to Plugins → Installed Plugins and check the LearnPress version.
Command line (if WP-CLI is installed): wp plugin list --field=version --name=learnpress
Verify Fix Applied:
After updating, verify LearnPress version is 4.3.2.3 or higher in WordPress admin plugins page.
📡 Detection & Monitoring
Log Indicators:
- Multiple DELETE requests to /wp-json/lp/v1/material/ endpoints from teacher accounts
- Unusual file deletion events in WordPress media library logs
Network Indicators:
- HTTP DELETE requests to /wp-json/lp/v1/material/{numeric_id} patterns
- Unusual REST API activity from teacher user agents
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-json/lp/v1/material/*" AND http_method="DELETE")
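As an added detection example (not from the original advisory), the following Python runs over constructed web-server access-log lines and flags sources that successfully deleted several distinct materials through the endpoint above. It also normalises the ?rest_route= URL form and WordPress's _method override, both of which the path-only SIEM query above would miss. The log format, IPs, file IDs and the threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
# Constructed sample lines in combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2025:10:01:02 +0000] "GET /wp-json/lp/v1/material/41 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2025:10:01:09 +0000] "DELETE /wp-json/lp/v1/material/41 HTTP/1.1" 200 27 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2025:10:01:11 +0000] "DELETE /wp-json/lp/v1/material/42 HTTP/1.1" 200 27 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Jan/2025:10:01:12 +0000] "POST /index.php?rest_route=/lp/v1/material/43&_method=DELETE HTTP/1.1" 200 27 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jan/2025:10:05:00 +0000] "DELETE /wp-json/lp/v1/material/9 HTTP/1.1" 200 27 "-" "curl/8.0"
198.51.100.7 - - [12/Jan/2025:10:06:00 +0000] "DELETE /wp-json/lp/v1/courses/9 HTTP/1.1" 403 30 "-" "curl/8.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
MATERIAL_RE = re.compile(r'^/lp/v1/material/(?P<file_id>\d+)/?$')

def rest_route_and_method(method, target):
    """Normalise a request line to (REST route, effective method): handles
    /wp-json/<route>, ?rest_route=<route> (no pretty permalinks) and _method."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    if parts.path.startswith('/wp-json/'):
        route = parts.path[len('/wp-json'):]
    elif 'rest_route' in query:
        route = query['rest_route'][0]
    else:
        return None, method
    return route, query.get('_method', [method])[0].upper()

def find_material_deletes(log_text):
    """One event per request that deletes a LearnPress material file."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        route, method = rest_route_and_method(m['method'], m['target'])
        if method == 'DELETE' and (r := MATERIAL_RE.match(route or '')):
            events.append({'ip': m['ip'], 'user': m['user'], 'ts': m['ts'],
                           'file_id': int(r['file_id']), 'status': int(m['status'])})
    return events

def flag_sources(events, threshold=3):
    """Source IP -> sorted distinct material IDs, for sources with >= threshold successful (2xx) deletes."""
    by_ip = defaultdict(set)
    for e in events:
        if 200 <= e['status'] < 300:
            by_ip[e['ip']].add(e['file_id'])
    return {ip: sorted(ids) for ip, ids in by_ip.items() if len(ids) >= threshold}
```

Pair the flagged IPs with WordPress authentication logs to attribute them to the teacher accounts that were logged in at those timestamps; the access log alone does not carry the WordPress user.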
🔗 References
- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L405
- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L527
- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.1/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L77
- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.2.3/inc/rest-api/v1/frontend/class-lp-rest-material-controller.php#L403
- https://www.wordfence.com/threat-intel/vulnerabilities/id/884c4508-1ee1-4384-9fc2-29e2c9042426?source=cve