Kitgenix Plugin Score

learnpress

Slug: learnpress · · 0+

Not updated in last 3 months

Overall Score

Scan this plugin to generate a full score report

--
Not Yet Scanned

What this score means

Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.

  • Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
  • Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
  • Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
  • High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
No scan has been completed yet. Vulnerability and issue data will appear after the first scan.
  • Wordfence: June 10, 2026 4:46 am (58 minutes ago)

Actions

View on WordPress.org Download Plugin
After the first scan, this plugin will be automatically re-scanned every 30 days.
Export report: CSV JSON

Score Breakdown

Shield
Security
--
Pending Scan
W
WP.org Readiness
--
Pending Scan
Speed
Performance
--
Pending Scan
Code
Code Quality
--
Pending Scan
A11y
Accessibility
--
Pending Scan
Bug
Vulnerability Status
--
Pending Scan

Plugin Details

Scan Summary

  • Errors: 0
  • Warnings: 0
  • Notices: 0
  • Last Scanned: N/A
No scan results yet. Start the first scan to populate this summary.

Detected Issues

No issues to display yet. Run the first scan to generate findings.

Score History

No history available yet. · All-Time High: N/A

All Past Vulnerabilities

Showing all known historical vulnerabilities for this plugin, including open and closed records.

Vulnerability CVE Severity Status Affected Versions Patched Version Updated Source
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.7.1 4.2.7.2 2024-11-21 00:00:00 Wordfence
LearnPress <= 4.1.3 - Authenticated Stored Cross-Site Scripting N/A LOW Closed *-4.1.3 4.1.3.1 2021-09-20 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter N/A LOW Closed *-4.2.6.5 4.2.6.6 2024-05-09 21:13:13 Wordfence
LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering N/A LOW Closed *-4.3.2.8 4.3.3 2026-03-11 13:32:56 Wordfence
LearnPress <= 4.1.4.1 - Arbitrary Image Renaming N/A LOW Closed *-4.1.4.1 4.1.5 2022-01-26 00:00:00 Wordfence
LearnPress <= 4.2.6.8.2 - Cross-Site Request Forgery N/A LOW Closed *-4.2.6.8.2 4.2.6.9 2024-08-01 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter N/A LOW Closed *-4.3.5 4.3.6 2026-05-13 15:21:13 Wordfence
LearnPress <= 4.1.3.1 - Stored Cross-Site Scripting via $custom_profile N/A LOW Closed *-4.1.3.1 4.1.3.2 2021-10-18 17:16:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name N/A LOW Closed *-4.2.7.5 4.2.7.5.1 2025-01-24 19:05:51 Wordfence
LearnPress <= 4.1.3 - Authenticated SQL Injection N/A LOW Closed [*, 4.1.4) 4.1.4 2021-11-09 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.7.5 4.2.7.5.1 2025-01-29 00:00:00 Wordfence
LearnPress <= 3.2.6.8 - Authenticated Page Creation and Status Modification N/A LOW Closed *-3.2.6.8 3.2.6.9 2020-04-19 00:00:00 Wordfence
LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by N/A LOW Closed *-4.2.5.7 4.2.5.8 2024-01-02 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API N/A LOW Closed *-4.3.2.4 4.3.2.5 2026-01-19 14:52:42 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter N/A LOW Closed *-4.2.6.9.3 4.2.6.9.4 2024-08-07 16:50:26 Wordfence
LearnPress <= 4.2.6.8.2 - Authenticated (Subscriber+) Insecure Direct Object Reference N/A LOW Closed *-4.2.6.8.2 4.2.6.9 2024-08-01 00:00:00 Wordfence
LearnPress <= 4.1.5 - Reflected Cross-Site Scripting N/A LOW Closed [*, 4.1.6) 4.1.6 2022-03-16 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API N/A LOW Closed *-4.2.7.3 4.2.7.4 2024-12-09 00:00:00 Wordfence
LearnPress <= 3.2.6.7 - SQL Injection N/A LOW Closed *-3.2.6.7 3.2.6.8 2021-07-19 00:00:00 Wordfence
LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion N/A LOW Closed *-4.3.2.8 4.3.3 2026-04-13 12:59:29 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass N/A LOW Closed *-4.2.6.8.1 4.2.6.8.2 2024-07-01 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (Admin+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.7.5 4.2.7.5.1 2025-01-29 00:00:00 Wordfence
LearnPress <= 4.2.6.3 - Insecure Direct Object Reference N/A LOW Closed *-4.2.6.3 4.2.6.4 2024-04-04 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure N/A LOW Closed *-4.2.9.4 4.3.0 2025-11-20 16:53:10 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter N/A LOW Closed *-4.2.6.6 4.2.6.7 2024-05-21 16:40:45 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API N/A LOW Closed *-4.2.6.8 4.2.6.8.1 2024-06-04 14:20:10 Wordfence
LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute N/A LOW Closed *-4.3.3 4.3.4 2026-04-07 15:19:06 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration N/A LOW Closed *-4.2.6.8.1 4.2.6.8.2 2024-07-01 00:00:00 Wordfence
LearnPress <= 4.2.5.7 - Command Injection N/A LOW Closed *-4.2.5.7 4.2.5.8 2024-01-03 00:00:00 Wordfence
LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure N/A LOW Closed *-4.2.5.7 4.2.5.8 2024-01-02 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection N/A LOW Closed *-4.2.6.5 4.2.6.6 2024-05-09 19:40:23 Wordfence
LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.6 - Reflected Cross-Site Scripting N/A LOW Closed *-4.3.6 4.3.7 2026-06-01 00:00:00 Wordfence
LearnPress <= 4.1.7.3.2 - Authenticated (Subscriber+) SQL Injection N/A LOW Closed *-4.1.7.3.2 4.2.0 2022-12-20 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation N/A LOW Closed *-4.0.0 4.0.1 2024-04-04 00:00:00 Wordfence
LearnPress <= 4.2.3 - Missing Authorization N/A LOW Closed [*, 4.2.3.1) 4.2.3.1 2023-07-06 00:00:00 Wordfence
LearnPress <= 4.2.3 - Missing Authorization N/A LOW Closed *-4.2.3 4.2.3.1 2023-07-04 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration N/A LOW Closed *-4.2.6.5 4.2.6.6 2024-05-09 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.1.6.5 - Reflected Cross-Site Scripting N/A LOW Closed *-4.1.6.5 4.1.6.6 2022-06-14 00:00:00 Wordfence
LearnPress <= 3.0.12 - Open Redirect N/A LOW Closed *-3.0.12 3.1.0 2018-11-09 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation N/A LOW Closed *-4.2.9.3 4.2.9.4 2025-10-17 18:38:36 Wordfence
LearnPress – WordPress LMS Plugin <= 4.1.6.7 - Reflected Cross-Site Scripting N/A LOW Closed *-4.1.6.7 4.1.6.8 2022-07-05 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' N/A LOW Closed *-4.2.7 4.2.7.1 2024-09-11 00:00:00 Wordfence
LearnPress <= 3.0.12 - Cross-Site Scripting N/A LOW Closed *-3.0.12 3.1.0 2018-11-09 00:00:00 Wordfence
LearnPress <= 4.2.7.5 - Missing Authorization N/A LOW Closed *-4.2.7.5 4.2.7.6 2025-03-27 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure N/A LOW Closed *-4.3.1 4.3.2 2025-12-15 16:22:18 Wordfence
LearnPress <= 4.2.3 - Missing Authorization to Information Exposure N/A LOW Closed *-4.2.3 4.2.3.1 2023-07-04 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload N/A LOW Closed *-4.2.6.5 4.2.6.6 2024-05-09 00:00:00 Wordfence
LearnPress <= 4.2.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.9.4 4.3.0 2025-11-06 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social N/A LOW Closed *-4.3.1 4.3.2 2025-12-15 02:25:53 Wordfence
LearnPress <= 4.1.7.3.2 - Unauthenticated Local File Inclusion N/A LOW Closed *-4.1.7.3.2 4.2.0 2023-01-20 00:00:00 Wordfence
LearnPress <= 4.2.9.4 - Missing Authorization N/A LOW Closed *-4.2.9.4 4.3.0 2025-11-30 00:00:00 Wordfence
LearnPress <= 4.1.7.1 - Unauthenticated PHP Object Injection N/A LOW Closed *-4.1.7.1 4.1.7.2 2022-10-03 00:00:00 Wordfence
LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters N/A LOW Closed *-4.3.6 4.3.7 2026-06-05 14:23:22 Wordfence
LearnPress <= 4.2.5.3 - Reflected Cross-Site Scripting via add_internal_scripts_to_head N/A LOW Closed [*, 4.2.5.4) 4.2.5.4 2023-11-07 00:00:00 Wordfence
LearnPress <= 3.2.6.6 - Privilege Escalation N/A LOW Closed *-3.2.6.6 3.2.6.8 2020-03-16 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion N/A LOW Closed *-4.3.2.1 4.3.2.2 2026-01-06 18:42:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.6.4 4.2.6.5 2024-04-18 00:00:00 Wordfence
LearnPress <= 3.2.6.8 - Privilege Escalation via accept-to-be-teacher action parameter N/A LOW Closed *-3.2.6.8 3.2.6.9 2020-04-20 00:00:00 Wordfence
LearnPress <= 4.1.7.3.2 - Unauthenticated SQL Injection N/A LOW Closed *-4.1.7.3.2 4.2.0 2023-01-20 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 3.2.7.2 - SQL Injection N/A LOW Closed *-3.2.7.2 3.2.7.3 2020-10-05 00:00:00 Wordfence
LearnPress <= 4.2.7.1 - Authenticated (Subscriber+) Open Redirect N/A LOW Closed *-4.2.7.1 4.2.7.2 2025-01-24 00:00:00 Wordfence
LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion N/A LOW Closed *-4.3.2.8 4.3.3 2026-03-23 09:53:24 Wordfence
LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.6.3 4.2.6.4 2024-04-04 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification N/A LOW Closed *-4.3.2 4.3.2.1 2026-01-05 19:55:08 Wordfence
LearnPress <= 4.2.7.1 - Authenticated (Admin+) Stored Cross-Site Scripting N/A LOW Closed *-4.2.7.1 4.2.7.2 2024-11-21 00:00:00 Wordfence
LearnPress <= 3.0.12 - Authenticated SQL Injection N/A LOW Closed *-3.0.12 3.1.0 2018-11-09 00:00:00 Wordfence
LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion N/A LOW Closed *-4.2.6.8.2 4.2.6.9 2024-07-24 00:00:00 Wordfence
LearnPress <= 3.2.7.2 - Reflected Cross-Site Scripting N/A LOW Closed [*, 3.2.7.3) 3.2.7.3 2020-09-08 00:00:00 Wordfence
LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' N/A LOW Closed *-4.2.7 4.2.7.1 2024-09-11 00:00:00 Wordfence