VulnerAlert



WORDPRESS
16-12-2025 02:20

CVE-2025-13956 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#plugin
#data
#order
#attackers
#authenticated
#vulnerable
#attack
#access
#unauthorized
Descripción
The LearnPress – WordPress LMS Plugin plugin for is vulnerable to unauthorized access of data due a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible unauthenticated attackers view plugin's orders statistics, including total revenue summaries order status counts
https://plugins.trac.wordpress.org/browser/learnpress/tags/4.3.1/inc/rest-api/v1/frontend/class-lp-rest-orders-controller.php#L36
https://www.wordfence.com/threat-intel/vulnerabilities/id/c4b833c3-818d-4646-bd6d-8b3be13ea0f1?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-13956
Resultados similares
Coincidentes en almenos en 50% de los tags
16-12-2025 CVE-2025-13741
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Ch...
Ver información
16-12-2025 CVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por