LearnPress is a learning management system (LMS) plugin that allows WordPress websites to easily create and sell online courses, lessons, and quizzes, providing visitors with a friendly interface while requiring no coding knowledge from the website developer.

The vulnerabilities in the plugin, used in over 100,000 active sites, were discovered by PatchStack between November 30 and December 2, 2022, and reported to the software vendor.

The issues were fixed on December 20, 2022, with the release of LearnPress version 4.2.0. However, according to WordPress.org stats, only about 25% have applied the update.