CVE-2026-13765 in LearnPress Plugin
Summary
by MITRE • 07/17/2026
The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.4.1 via the check_answer. This makes it possible for unauthenticated attackers to extract the correct-answer markers, full option lists, explanations, and question content for any quiz question on the site — including questions belonging to paid courses the attacker is not enrolled in.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 07/17/2026
The LearnPress WordPress LMS plugin presents a critical sensitive information exposure vulnerability that affects all versions up to and including 4.4.1 through its check_answer functionality. This flaw represents a significant security weakness that undermines the integrity of quiz content protection mechanisms within the learning management system. The vulnerability allows unauthenticated attackers to access comprehensive quiz question data including correct answer markers, complete option lists, detailed explanations, and full question content without proper authorization. This exposure extends beyond simple information disclosure to encompass protected educational materials, particularly affecting paid courses where unauthorized users could access proprietary quiz questions they have not enrolled in or paid for.
The technical implementation of this vulnerability stems from inadequate access controls within the check_answer endpoint, which fails to properly validate user permissions before serving quiz question data. Attackers can exploit this weakness by directly calling the vulnerable API endpoint and receiving structured responses containing all relevant quiz metadata regardless of whether they possess valid enrollment credentials or payment verification. This flaw aligns with CWE-200, which describes improper exposure of sensitive information, and represents a classic example of insufficient authorization checks in web applications. The vulnerability exists at the application layer where user authentication status is not properly verified before data retrieval operations, creating an attack surface that bypasses normal course enrollment restrictions.
The operational impact of this vulnerability extends far beyond simple data leakage, as it compromises the fundamental security model of paid educational content delivery. Attackers can systematically extract quiz questions from any course on the platform including those restricted to paying students, effectively undermining the commercial value of premium content. This exposure creates opportunities for content theft, cheating in online assessments, and potential intellectual property violations that could affect educators, institutions, and content creators relying on LearnPress for their online course delivery. The vulnerability also enables automated exploitation through tools that can systematically query the check_answer endpoint, amplifying the damage potential and making it particularly attractive to malicious actors seeking to harvest educational content at scale.
Mitigation strategies should focus on implementing robust access control mechanisms within the plugin's API endpoints, ensuring proper authentication verification before serving quiz question data regardless of user status. Security patches should enforce authorization checks that validate user enrollment status and payment credentials before providing access to quiz content. Organizations using LearnPress should immediately upgrade to patched versions and implement network-level monitoring to detect suspicious API access patterns targeting the check_answer endpoint. Additionally, administrators should consider implementing additional security layers such as rate limiting for API endpoints and enhanced logging of quiz access attempts to identify potential exploitation activities. This vulnerability demonstrates the critical importance of proper input validation and access control implementation in web applications, particularly those handling sensitive educational content where unauthorized access could result in substantial financial and reputational damage.