CVE-2026-7648

216.73.217.87

· Published 14/05/2026 05:16 · Modified 14/05/2026 14:29

Labels: CVE-2026-7648 2026-05-14 CVE-2026-7648 CWE-639 [email protected]

Essential information

Published: 14/05/2026 05:16
Modified: 14/05/2026 14:29
Author: —
Creator: —
CVSS: 4.3 MEDIUM (v3.1)
CISA KEV: No
CWE: —
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API endpoint, which passes the unsanitized parameter array to the add_to_cart() function where array_merge() allows attacker-controlled values to overwrite hardcoded defaults. This makes it possible for authenticated attackers, with subscriber-level access and above, to enroll in any paid course entirely free of charge by supplying a quantity value of zero, which causes the order total to calculate as $0 and bypasses all payment gateway requirements.

NVD status

Status: Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
wordpress / learnpress	`cpe:2.3:a:wordpress:learnpress:<4.3.5::::wordpress::*`