CVE-2026-4365
WordPress · LearnPress Plugin
The LearnPress WordPress plugin is vulnerable to unauthorized data deletion because it lacks proper capability checks on the `delete_question_answer` function.
Executive summary
A critical vulnerability in the LearnPress plugin allows unauthenticated attackers to delete quiz answers by exploiting a missing capability check and exposed nonces.
Vulnerability
The plugin fails to verify the caller's capability, or ownership of the target object, within the `delete_question_answer` AJAX function, relying solely on a nonce that is printed on pages served to all visitors. A WordPress nonce is an anti-CSRF token that ties a request to an action and to the session that rendered the page; it is not an authorization check, and a nonce emitted to unauthenticated visitors is shared by every anonymous client, so it does not even restrict who can submit the request.
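The following pair of handlers is an added illustration of the pattern the advisory describes, not LearnPress's own code. The function names, the `answer_id` and `question_id` parameters, the nonce action names and the `example_quiz_answers` table are assumptions made for the example, and the capability check assumes questions are stored as WordPress posts. The vulnerable form gates on a nonce alone and is reachable without a session; the hardened form registers no `wp_ajax_nopriv_` hook, checks a capability against the specific question, and verifies the answer belongs to that question before deleting it.

```php
<?php
// Added example: generic WordPress AJAX delete handlers in the shape the
// advisory describes (nonce-only gate) beside a hardened version. All names,
// parameters and the answers table are hypothetical; not LearnPress's code.

// --- Vulnerable pattern --------------------------------------------------
// The only gate is a nonce. A nonce shows the request came from a page that
// printed it; if that page is served to every visitor, it says nothing about
// who is calling. The nopriv hook makes the handler reachable with no session.
function example_vuln_delete_question_answer() {
	check_ajax_referer( 'example-ajax', 'nonce' );

	$answer_id = absint( $_POST['answer_id'] ?? 0 );
	example_delete_answer_row( $answer_id ); // deletes whatever id was supplied
	wp_send_json_success();
}
add_action( 'wp_ajax_example_delete_answer_vuln', 'example_vuln_delete_question_answer' );
add_action( 'wp_ajax_nopriv_example_delete_answer_vuln', 'example_vuln_delete_question_answer' );

// --- Hardened pattern ----------------------------------------------------
function example_safe_delete_question_answer() {
	// The CSRF check stays, but the nonce is tied to a specific action and is
	// only printed to users who may perform it (example_delete_nonce_for_question).
	check_ajax_referer( 'example-delete-answer', 'nonce' );

	if ( ! is_user_logged_in() ) {
		wp_send_json_error( array( 'message' => 'Authentication required.' ), 401 );
	}

	$answer_id   = absint( $_POST['answer_id'] ?? 0 );
	$question_id = absint( $_POST['question_id'] ?? 0 );
	if ( ! $answer_id || ! $question_id ) {
		wp_send_json_error( array( 'message' => 'Missing identifiers.' ), 400 );
	}

	// Capability check against the specific object, not a blanket role test:
	// the edit_post meta-capability with a post id maps to edit_others_posts
	// for questions the caller does not own.
	if ( ! current_user_can( 'edit_post', $question_id ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
	}

	// Ownership check: the answer must belong to the question the caller is
	// authorised for, or a user with rights on one question could delete
	// answers from any other by mixing ids.
	if ( example_answer_question_id( $answer_id ) !== $question_id ) {
		wp_send_json_error( array( 'message' => 'Answer does not belong to this question.' ), 403 );
	}

	example_delete_answer_row( $answer_id );
	wp_send_json_success( array( 'deleted' => $answer_id ) );
}
// Logged-in users only: no wp_ajax_nopriv_ registration for a destructive action.
add_action( 'wp_ajax_example_delete_answer', 'example_safe_delete_question_answer' );

// Print the nonce only where an authorised user can reach it.
function example_delete_nonce_for_question( $question_id ) {
	if ( ! current_user_can( 'edit_post', $question_id ) ) {
		return null;
	}
	return wp_create_nonce( 'example-delete-answer' );
}

// Hypothetical persistence helpers over an assumed table
// {$wpdb->prefix}example_quiz_answers(id, question_id, ...).
function example_answer_question_id( $answer_id ) {
	global $wpdb;
	$table = $wpdb->prefix . 'example_quiz_answers';
	$qid   = $wpdb->get_var( $wpdb->prepare( "SELECT question_id FROM {$table} WHERE id = %d", $answer_id ) );
	return null === $qid ? 0 : (int) $qid;
}

function example_delete_answer_row( $answer_id ) {
	global $wpdb;
	return $wpdb->delete( $wpdb->prefix . 'example_quiz_answers', array( 'id' => $answer_id ), array( '%d' ) );
}
```

The three checks in the hardened handler are independent and all necessary: authentication establishes who is calling, the capability check establishes whether that user may act on this question, and the ownership check prevents an authorised user from reaching answers of other questions by supplying a mismatched `answer_id`.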
Business impact
With a CVSS score of 9.1 (Critical), this vulnerability allows any unauthenticated visitor to delete quiz answers and thereby disrupt the assessments that depend on them. This leads to service degradation, data loss that may only be recoverable from backups, and significant reputational damage for platforms relying on the plugin for assessments.
Remediation
Immediate Action: Update the LearnPress plugin to the latest version as provided by the vendor.
Proactive Monitoring: Audit web server and site activity logs for POST requests carrying the `delete_question_answer` action to the `lp-load-ajax` dispatcher, in particular bursts of such requests or requests from clients that present no `wordpress_logged_in_*` session cookie.
Compensating Controls: Until the update is applied, use a Web Application Firewall (WAF) or an equivalent application-level rule to block requests for this action to the AJAX endpoint from non-authenticated clients. Because the nonce is public, its presence or validity cannot serve as the blocking criterion; key the rule on the absence of an authenticated session instead.
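As an added example of the monitoring and compensating control above, not vendor code, the following must-use plugin refuses and logs unauthenticated requests for the affected action at the application layer, which serves the same purpose as the WAF rule where no WAF is available. It assumes the dispatcher reads its action from a request parameter named `lp-load-ajax` (the name the advisory gives) and runs no earlier than `init`; the gated action list and the log format are choices made for this example.

```php
<?php
/**
 * Plugin Name: Example LearnPress AJAX gate (added example, not vendor code)
 * Description: Must-use plugin that refuses and logs unauthenticated requests
 *              to sensitive LearnPress AJAX actions while the fix is rolled out.
 */
// Drop into wp-content/mu-plugins/. Assumptions: the dispatcher reads its action
// from a request parameter named lp-load-ajax (taken from the advisory) and runs
// no earlier than init; the gated action list is a starting point to extend.

const EXAMPLE_LP_GATED_ACTIONS = array( 'delete_question_answer' );

// Read the requested dispatcher action from query string or POST body.
function example_lp_requested_ajax_action() {
	$raw = $_REQUEST['lp-load-ajax'] ?? '';
	return is_string( $raw ) ? sanitize_key( $raw ) : '';
}

function example_lp_gate_sensitive_ajax() {
	$action = example_lp_requested_ajax_action();
	if ( '' === $action || ! in_array( $action, EXAMPLE_LP_GATED_ACTIONS, true ) ) {
		return;
	}

	// The public nonce cannot be the criterion (it validates for everyone), so
	// the gate keys on an authenticated session. Tighten to a capability check
	// if you know which role legitimately performs this action.
	if ( is_user_logged_in() ) {
		return;
	}

	// One line per blocked attempt in the PHP error log, enough to spot bursts
	// and to pivot on source address and user agent during triage.
	error_log( sprintf(
		'lp-ajax-gate: blocked unauthenticated %s %s action=%s ip=%s ua=%s',
		$_SERVER['REQUEST_METHOD'] ?? '-',
		$_SERVER['REQUEST_URI'] ?? '-',
		$action,
		$_SERVER['REMOTE_ADDR'] ?? '-',
		substr( $_SERVER['HTTP_USER_AGENT'] ?? '-', 0, 120 )
	) );
	wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
}
// Priority 0 so the gate runs before plugin callbacks at the default priority 10.
add_action( 'init', 'example_lp_gate_sensitive_ajax', 0 );
```

This is a stopgap, not a fix: it reduces exposure to anonymous callers but does not add the per-object capability and ownership checks that belong inside the handler, so the vendor update remains the remediation. If your logs show the action arriving through another parameter or endpoint, extend the parameter check accordingly.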
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Treating a publicly exposed nonce as the sole gate on a destructive action is a significant security oversight: nonces defend against cross-site request forgery, and capability checks must be performed separately in every state-changing handler. Users of the LearnPress plugin should update immediately to prevent unauthorized data manipulation and ensure the integrity of their learning management environment.