GCVE - cpe:2.3:a:thimpress:learnpress:-:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:thimpress:learnpress:-:*:*:*:*:wordpress:*:*

part: a version: - update: *

Vendor	Thimpress (`3359de0e-d602-5f4a-8b30-12c81ab7a63c`)
Product	Learnpress (`587bc9c0-2e85-5dbb-ae8d-4956a2ea7e59`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/learnpress/learnpress`	purl2cpe	2026-06-01 10:11:30.832263
`pkg:github/wp-plugins/learnpress`	purl2cpe	2026-06-01 10:11:30.832264
`pkg:github/wpplugins/learnpress`	purl2cpe	2026-06-01 10:11:30.832266

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-6589`	vulnerable	2026-06-03 14:58:03.628942	LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion HIGH (8.8) The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.6.8.2 via the 'render_content_block_template' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Published: 2024-07-25T10:59:51.542Z Updated: 2026-04-08T17:18:15.454Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/ba79bf95-08f8-4aa6-968b-f76a09ce52b8?source=cve https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-archive-course.php#L28 https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.2/inc/block-template/class-block-template-single-course.php#L28 https://plugins.trac.wordpress.org/changeset/3124296/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-6099`	vulnerable	2026-06-03 14:58:01.866750	LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration MEDIUM (5.3) The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. Published: 2024-07-02T11:01:35.868Z Updated: 2026-04-08T17:03:16.963Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee714c7-4c9b-4627-9ba9-f83aeca6a0a5?source=cve https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.8.1/inc/class-lp-checkout.php#L124 https://plugins.trac.wordpress.org/changeset/3109339/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-31241`	vulnerable	2026-06-03 14:55:39.292605	WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability HIGH (7.6) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3. Published: 2024-04-07T18:00:12.191Z Updated: 2026-04-28T16:09:28.916Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/learnpress-import-export/wordpress-learnpress-export-import-plugin-4-0-3-admin-sql-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.