CVE-2025-13964 is a vulnerability classified under CWE-862 (Missing Authorization) found in the LearnPress plugin for WordPress, a widely used Learning Management System (LMS) plugin. The issue stems from the catch_lp_ajax function lacking proper capability checks, which means that the plugin does not verify whether the requester has the necessary permissions before allowing modifications to course content. This flaw affects all versions up to and including 4.3.2. Because the vulnerability is exploitable without authentication (AV:N/AC:L/PR:N/UI:N), an unauthenticated attacker can send specially crafted AJAX requests to add, remove, update, or reorder course sections and their items. The impact is limited to integrity (I:L) with no direct confidentiality or availability impact. No known public exploits have been reported yet, but the vulnerability is publicly disclosed and assigned a CVSS v3.1 score of 5.3, indicating a medium severity level. The absence of patches at the time of disclosure increases the risk for sites that have not implemented custom mitigations. The vulnerability is significant because it compromises the trustworthiness and accuracy of educational content, which can have downstream effects on learners and organizations relying on the platform for training or certification.

For European organizations, especially educational institutions, corporate training providers, and e-learning platforms using the LearnPress plugin, this vulnerability poses a risk of unauthorized content manipulation. Attackers could alter course materials, potentially inserting misleading or harmful information, removing critical content, or disrupting course structure. This undermines the integrity of educational offerings and could lead to reputational damage, loss of learner trust, and compliance issues if regulated training content is affected. Since the exploit requires no authentication, any public-facing WordPress site with LearnPress installed is exposed. The impact is primarily on data integrity rather than confidentiality or availability, but the consequences can be severe in contexts where accurate training content is critical. Additionally, the lack of known exploits currently provides a window for organizations to act before widespread attacks occur.

1. Monitor the LearnPress plugin vendor’s announcements closely and apply official patches immediately once released. 2. Until patches are available, implement web application firewall (WAF) rules to block unauthorized AJAX requests targeting the catch_lp_ajax function or related endpoints. 3. Restrict access to administrative AJAX endpoints by IP address or authentication where possible. 4. Review and harden WordPress user roles and permissions to minimize exposure. 5. Conduct regular integrity checks on course content to detect unauthorized changes promptly. 6. Consider temporarily disabling the LearnPress plugin or restricting course modification capabilities if feasible. 7. Employ security plugins that can detect anomalous AJAX activity or unauthorized content changes. 8. Educate site administrators about the vulnerability and encourage vigilance for suspicious activity. These steps go beyond generic advice by focusing on immediate protective controls and monitoring until a patch is available.