CVE-2024-4444

MEDIUM

LearnPress - WordPress LMS Plugin <4.2.6.5 - Auth Bypass

Title source: llm

Description

The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to a user registration bypass in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.

Scores

CVSS v3 5.3
EPSS 0.0071
EPSS Percentile 49.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-420 CWE-862
Status published
Products (2)
thimpress/learnpress < 4.2.6.6
thimpress/LearnPress – WordPress LMS Plugin for Create and Sell Online Courses < 4.2.6.5
Published May 14, 2024
Tracked Since Feb 18, 2026