CVE-2025-11368 Scanner
CVE-2025-11368 Scanner - Arbitrary Callback Execution to Information Exposure vulnerability in LearnPress
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 13 hours
Scan only one: URL
The LearnPress WordPress LMS Plugin is widely used in educational institutions and online learning platforms. Developed by ThimPress, it facilitates the creation of courses, lessons, and quizzes on WordPress websites. This plugin enables educators to manage and sell online courses, quizzes, and related educational content. It integrates with various other WordPress plugins and themes to provide a comprehensive e-learning solution. LearnPress is popular due to its flexibility and the extensive range of features it offers for both instructors and learners. However, regular updates and security patches are essential to maintain its security.
The Arbitrary Callback Execution to Information Exposure vulnerability in LearnPress is caused by insufficient capability checks in certain REST endpoints. This flaw allows unauthorized attackers to execute arbitrary admin-only template methods. As a result, sensitive information is exposed, such as admin curriculum HTML, quiz questions with correct answers, and course materials. The vulnerability compromises the confidentiality of educational content through the REST API endpoint. Attackers need to supply valid numeric IDs via the endpoint to exploit this vulnerability.
The technical root of the vulnerability is a missing capability check in the REST endpoint `/wp-json/lp/v1/load_content_via_ajax`. Attackers can use this endpoint to execute arbitrary template methods intended for admin users, and successful exploitation gives them access to sensitive educational content when they supply valid numeric IDs in the API call. The vulnerable endpoint is publicly accessible, which makes it an attractive target for attackers. The template methods reachable through this vulnerability include those that render or fetch sensitive educational data.
Exploitation of this vulnerability can lead to unauthorized disclosure of sensitive educational content. This includes quiz answers, curriculum materials, and other proprietary educational content intended for admin or instructor access only. Such unauthorized access can undermine the integrity of the educational content and services provided by affected institutions or platforms. Moreover, it may result in reputational damage and financial loss if proprietary material is leaked or misused.
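For asset owners reviewing their own exposure, the following added example (not part of the scanner or of LearnPress) triages web server access logs for requests to the endpoint named above. It assumes Combined Log Format and a constructed site host `lms.example`; it also matches the `?rest_route=` form that WordPress accepts for the same route, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/lp/v1/load_content_via_ajax"  # REST route named in the description

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def hits_endpoint(target):
    """True if the request target reaches the route via /wp-json/ or ?rest_route=."""
    parts = urlsplit(target)
    path = unquote(parts.path).rstrip("/")
    if path.endswith("/wp-json" + ENDPOINT):
        return True
    routes = parse_qs(parts.query).get("rest_route", [])
    return any(r.rstrip("/") == ENDPOINT for r in routes)

def triage(lines, site_host):
    """Per client IP: total hits, 2xx hits, and hits with no same-site Referer."""
    report = defaultdict(lambda: {"hits": 0, "ok": 0, "offsite": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not hits_endpoint(m["target"]):
            continue
        row = report[m["ip"]]
        row["hits"] += 1
        row["ok"] += m["status"].startswith("2")
        # Referer is client-controlled: treat "offsite" as a triage hint only.
        row["offsite"] += urlsplit(m["referer"]).hostname != site_host
    return dict(report)

# Constructed sample log lines (documentation IP ranges, made-up sizes and times).
SAMPLE = [
    '198.51.100.7 - - [12/Oct/2025:10:01:02 +0000] "POST /wp-json/lp/v1/load_content_via_ajax HTTP/1.1" 200 5120 "https://lms.example/courses/intro/" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Oct/2025:10:02:10 +0000] "POST /wp-json/lp/v1/load_content_via_ajax/ HTTP/1.1" 200 18211 "-" "python-requests/2.32"',
    '203.0.113.9 - - [12/Oct/2025:10:02:11 +0000] "POST /?rest_route=%2Flp%2Fv1%2Fload_content_via_ajax HTTP/1.1" 200 17650 "-" "python-requests/2.32"',
    '203.0.113.9 - - [12/Oct/2025:10:02:12 +0000] "POST /wp-json/lp/v1/load_content_via_ajax HTTP/1.1" 403 120 "-" "python-requests/2.32"',
    '192.0.2.4 - - [12/Oct/2025:10:03:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 900 "-" "curl/8.5"',
]

if __name__ == "__main__":
    for ip, row in triage(SAMPLE, "lms.example").items():
        print(ip, row)
```

Because the endpoint is publicly accessible, a hit on its own is not evidence of abuse; clients with many successful responses and no same-site Referer are the ones to review first.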