CVE-2026-12153
rabilal · WP Learn Manager
The WP Learn Manager plugin for WordPress contains an authorization bypass vulnerability that allows unauthenticated attackers to install and activate arbitrary plugins on the host site.
Executive summary
An authorization bypass in the WP Learn Manager WordPress plugin allows unauthenticated attackers to execute arbitrary plugin installations on the target site.
Vulnerability
This is a missing authorization vulnerability (CWE-862) occurring within the plugin's AJAX handlers, where the software fails to verify user permissions before allowing critical administrative actions.
Business impact
With a CVSS score of 9.8, this vulnerability poses a severe risk of site takeover. By enabling the installation of arbitrary plugins, an attacker can effectively achieve remote code execution, inject malicious scripts, or install backdoors, leading to full site compromise and potential data exfiltration.
Remediation
Immediate Action: Update the WP Learn Manager plugin to the latest available version on the WordPress repository immediately.
Proactive Monitoring: Review the list of installed plugins for any unauthorized or unrecognized additions and audit site activity logs for suspicious AJAX requests.
Compensating Controls: If an update is not immediately feasible, disable the plugin entirely and consider utilizing a Web Application Firewall (WAF) to block malicious requests targeting the plugin's AJAX endpoints.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability is highly dangerous as it grants unauthenticated attackers the ability to modify the server environment. Site administrators should act immediately to update the plugin and conduct a security audit of their WordPress installation to ensure no unauthorized plugins have been deployed.