WordPress E-Learning Plugin Vulnerabilities Range from...

WordPress E-Learning Plugin Vulnerabilities Range from Cheating to Remote Code Execution

On April 29, 2020, Check Point researchers Omri Herscovici and Sagi Tzadik published research into three popular WordPress learning management system (LMS) plugins: LifterLMS, LearnDash and LearnPress. These LMS plugins can be used to deliver training programs and educational courses to businesses and educational institutions remotely, a capability that has become essential due to the COVID-19 pandemic.

LearnPress developer ThimPress has addressed both of its vulnerabilities and users are advised to update to the latest version, 3.2.7. Users of LifterLMS are advised to update to the latest available version, 3.38.0, while LearnDash users are advised to update to version 3.1.6.

For more information, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

WordPress E-Learning Plugin Vulnerabilities Range from...

Recent Discussions

Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)

Frequently Asked Questions About Notepad++ Supply Chain Compromise

Ivanti Endpoint Manager Mobile Zero-Days Exploited (CVE-2026-1281, CVE-2026-1340)

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Americas

Europe

Asia / Australia