CVE-2026-7648 | ThimPress LearnPress Plugin up to 4.3.5 on WordPress REST API Endpoint add_to_cart authorization

A vulnerability classified as critical has been found in ThimPress LearnPress Plugin up to 4.3.5 on WordPress. Affected by this vulnerability is the function add_to_cart of the component REST API Endpoint. The manipulation leads to authorization bypass.

This vulnerability is listed as CVE-2026-7648. The attack may be initiated remotely. There is no available exploit.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More