COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-12153

CVE-2026-12153

Severity
critical
Source
NVD · cve
Published
2026-07-08
CVSS
9.8
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-12153
shame 35/100

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to in

Description

The WP Learn Manager plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository on the vulnerable site.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.