CVE-2026-8383
EUVD-2026-3755817.06.2026, 13:21
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted requestEnginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration