CVE-2024-6099: CWE-420 Unprotected Alternate Channel in thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
AI Analysis
Technical Summary
CVE-2024-6099 is an unprotected alternate channel vulnerability (CWE-420) in the LearnPress WordPress LMS Plugin that allows unauthenticated attackers to bypass user registration controls. Specifically, the 'check_validate_fields' function in the checkout process lacks proper validation, permitting attackers to register accounts with the default role despite registration being disabled. This affects versions up to and including 4.2.6.8.1. The vulnerability has a CVSS 3.1 base score of 5.3, indicating medium severity. No patch or official remediation guidance has been published by the vendor as of the data provided.
Potential Impact
An attacker can create user accounts on a vulnerable LearnPress installation without authentication, bypassing any registration restrictions configured by the site administrator. This could allow unauthorized access with default user privileges, potentially enabling further abuse depending on the site's configuration and user role permissions. There is no indication of confidentiality, integrity, or availability impact beyond unauthorized user creation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, administrators should monitor for updates from thimpress and consider restricting access to the registration functionality or disabling the LearnPress plugin if possible. No official patch or temporary fix is currently documented.
CVE-2024-6099: CWE-420 Unprotected Alternate Channel in thimpress LearnPress – WordPress LMS Plugin for Create and Sell Online Courses
Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2024-6099 is an unprotected alternate channel vulnerability (CWE-420) in the LearnPress WordPress LMS Plugin that allows unauthenticated attackers to bypass user registration controls. Specifically, the 'check_validate_fields' function in the checkout process lacks proper validation, permitting attackers to register accounts with the default role despite registration being disabled. This affects versions up to and including 4.2.6.8.1. The vulnerability has a CVSS 3.1 base score of 5.3, indicating medium severity. No patch or official remediation guidance has been published by the vendor as of the data provided.
Potential Impact
An attacker can create user accounts on a vulnerable LearnPress installation without authentication, bypassing any registration restrictions configured by the site administrator. This could allow unauthorized access with default user privileges, potentially enabling further abuse depending on the site's configuration and user role permissions. There is no indication of confidentiality, integrity, or availability impact beyond unauthorized user creation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, administrators should monitor for updates from thimpress and consider restricting access to the registration functionality or disabling the LearnPress plugin if possible. No official patch or temporary fix is currently documented.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2024-06-17T21:41:27.658Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 699f6bfab7ef31ef0b55d496
Added to database: 2/25/2026, 9:39:06 PM
Last enriched: 4/9/2026, 2:52:57 PM
Last updated: 4/12/2026, 3:01:15 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.