Unrated severityNVD Advisory· Published Jun 17, 2026
LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API
CVE-2026-8383
Description
The LearnPress WordPress plugin before 4.3.7 does not gate the edit context on one of its REST endpoint behind the edit_users capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/b7cbf68b-62c5-4787-b84b-69df9e0122b2/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.