Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
LearnPress Export Import Plugin: Unauthorized Data Deletion in LearnPress
CVE-2026-1787
Summary
A security flaw in the LearnPress Export Import plugin for WordPress allows unauthorized users to delete courses that have been migrated from Tutor LMS. This could lead to loss of important course data. To protect your site, update the LearnPress Export Import plugin to the latest version or remove the Tutor LMS plugin.
Original title
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' fun...
Original description
The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data' function in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to delete course that have been migrated from Tutor LMS. The Tutor LMS plugin must be installed and activated in order to exploit the vulnerability.
nvd CVSS3.1
4.8
Vulnerability type
CWE-862
Missing Authorization
Published: 21 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026