{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14387", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-09T20:21:25.446Z", "datePublished": "2025-12-15T15:30:54.785Z", "dateUpdated": "2026-04-08T17:32:40.040Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:40.040Z"}, "affected": [{"vendor": "thimpress", "product": "LearnPress \u2013 WordPress LMS Plugin for Create and Sell Online Courses", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.3.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "LearnPress \u2013 WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29b3a37-436d-4d03-8818-d5267b23067b?source=cve"}, {"url": "https://github.com/LearnPress/learnpress/commit/3bdaa63920c7d485e7efa7c92d3f19273a2916ff"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "timeline": [{"time": "2025-12-07T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-12-09T20:37:49.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-15T02:25:53.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T16:17:00.096565Z", "id": "CVE-2025-14387", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T16:17:05.643Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14387", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-15T16:17:00.096565Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T16:17:02.569Z"}}], "cna": {"title": "LearnPress \u2013 WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social", "credits": [{"lang": "en", "type": "finder", "value": "Arkadiusz Hydzik"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "thimpress", "product": "LearnPress \u2013 WordPress LMS Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.3.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-07T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-12-09T20:37:49.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-15T02:25:53.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29b3a37-436d-4d03-8818-d5267b23067b?source=cve"}, {"url": "https://github.com/LearnPress/learnpress/commit/3bdaa63920c7d485e7efa7c92d3f19273a2916ff"}], "descriptions": [{"lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-15T15:30:54.785Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14387", "state": "PUBLISHED", "dateUpdated": "2025-12-15T16:17:05.643Z", "dateReserved": "2025-12-09T20:21:25.446Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-15T15:30:54.785Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The LearnPress \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-14387", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-15T16:15:51.453", "references": [{"source": "security@wordfence.com", "url": "https://github.com/LearnPress/learnpress/commit/3bdaa63920c7d485e7efa7c92d3f19273a2916ff"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f29b3a37-436d-4d03-8818-d5267b23067b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:44:56.928317+00:00", "value": {"mitigation_remediation": ["Upgrade LearnPress to a version newer than 4.3.1 that includes the fix for the get_profile_social handler.", "If an upgrade is not immediately possible, deny or disable the get_profile_social endpoint for non\u2011administrator roles so that subscribers cannot submit script payloads.", "Implement input sanitization for the profile social field by applying WordPress\u2019s wp_kses or a similar whitelist function to strip disallowed tags before storing or rendering the data."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting (arbitrary script execution for authenticated users)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the LearnPress \u2013 WordPress LMS Plugin from thimpress, in all releases up to and including version 4.3.1. The plugin is used in WordPress installations that allow subscribers to edit their profiles. No other vendors or products are listed as affected.", "description_and_impact": "The LearnPress \u2013 WordPress LMS Plugin contains a stored cross\u2011site scripting flaw that allows any authenticated user with Subscriber level or higher to inject arbitrary JavaScript through the get_profile_social input field. The injected script is persisted and executed whenever a user opens a page that displays the profile, providing the attacker with the ability to deface sites or steal credentials of other users. This weakness is an instance of CWE\u201179, the classic injection of malicious client\u2011side code. The primary impact is the ability to execute scripts in the context of other authenticated site visitors, potentially compromising confidentiality, integrity, and availability of user sessions.", "risk_and_exploitability": "The CVSS score of 6.4 classifies the flaw as a moderate severity vulnerability, and the EPSS score of less than 1% indicates a low probability of exploitation. The attacker must be authenticated with Subscriber or higher permissions, which reduces the scope but does not eliminate it. Because the vulnerability is not listed in CISA\u2019s KEV catalog, no large\u2011scale, publicly disclosed exploitation campaigns are currently known. Nonetheless, the presence of stored XSS combined with authenticated access poses a significant risk to sites that expose profile editing to non\u2011administrator users."}}}}, "created": "2025-12-15T21:33:23.846689+00:00", "updated": "2026-04-21T00:45:23.105261+00:00", "vendors": ["thimpress", "thimpress$PRODUCT$learnpress", "wordpress", "wordpress$PRODUCT$wordpress"]}