CVE-2026-8383
published 2026-06-17

CVE-2026-8383: LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API

medium 5.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 0.42% (34.0th percentile)
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoints behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request.