Thimpress Learnpress Backup Migration Tool vulnerabilities

CVE-2026-1787 [MEDIUM] CWE-862 CVE-2026-1787: The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete course that have been migrated from Tutor

CVE-2024-9609 [MEDIUM] CWE-79 CVE-2024-9609: The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar