CVE-2025-13956
Published 2025-12-16
Priority P3 · 39 · medium · 5.3 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:L / I:N / A:N
EXPLOIT
EPSS: 0.92% (55.7th percentile)
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attackers to view the plugin's orders statistics, including total revenue summaries and order status counts.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thimpress | learnpress_wordpress_lms_plugin_for_create_and_sell_online_courses | <= 4.3.1 | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
vendor_oracle · 5.3 MEDIUM
GHSA
GHSA-g5h3-m84x-898j · ghsa_unreviewed · 2025-12-16
CVE-2025-13956 [MEDIUM] CWE-862
Oracle
Oracle Oracle Essbase Risk Matrix: Security and Provisioning (Apache HttpClient) — CVE-2020-13956
vendor_oracle · 2025-10-15 · CVSS 4.3 · MEDIUM
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (Apache HttpClient) — CVE-2020-13956
vendor_oracle · 2025-01-15 · CVSS 5.3 · MEDIUM
Protocol: HTTP
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2025 (JAN 2025)
No detection rules found.
Nuclei
LearnPress < 4.3.2 - Broken Access Control
nuclei · CVSS 5.3 · CVE-2025-13956 [MEDIUM]
Template:

```yaml
id: CVE-2025-13956

info:
  name: LearnPress < 4.3.2 - Broken Access Control
  author: pussycat0x
  severity: medium
  description: |
    The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the statistic function in all versions up to, and including, 4.3.1. This makes it possible for unauthenticated attac
```