2024-01-11 06:49:32
Wordfence
PUBLISHED
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the userID user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another users course progress.