CVE-2025-67536 identifies a stored Cross-site Scripting (XSS) vulnerability in the ThimPress LearnPress plugin, a popular WordPress plugin used for managing e-learning content. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows attackers to inject malicious JavaScript code that is stored persistently within the application. When other users access the affected pages, the malicious script executes in their browsers under the context of the vulnerable site. This can lead to a variety of attacks including session hijacking, theft of sensitive information such as cookies or credentials, and unauthorized actions performed on behalf of the victim user. The vulnerability affects all LearnPress versions up to and including 4.2.9.4. No CVSS score has been assigned yet, and no public exploits have been reported. However, stored XSS vulnerabilities are generally considered severe due to their persistent nature and broad impact. The issue was reserved and published on December 9, 2025, by Patchstack. The lack of a patch link suggests that a fix may not yet be publicly available, emphasizing the need for vigilance and interim mitigations. The vulnerability requires no authentication or user interaction to be exploited, increasing its risk profile. Organizations using LearnPress, particularly those in education sectors relying on WordPress, are at risk of compromise through this vulnerability.

For European organizations, especially educational institutions, training providers, and e-learning platforms using the LearnPress plugin, this vulnerability poses significant risks. Exploitation can lead to unauthorized access to user sessions, enabling attackers to impersonate legitimate users and potentially access sensitive educational data or administrative functions. The persistent nature of stored XSS means that multiple users can be affected over time, amplifying the impact. Confidentiality is at risk due to potential data theft, integrity can be compromised through unauthorized actions, and availability could be indirectly affected if attackers disrupt services or cause reputational damage. Given the widespread use of WordPress and LearnPress in Europe, particularly in countries with strong e-learning adoption, the threat could affect a large number of users. Additionally, regulatory frameworks such as GDPR impose strict requirements on data protection, and exploitation of this vulnerability could lead to compliance violations and financial penalties.

1. Monitor official ThimPress and WordPress plugin repositories for updates and apply patches immediately once available to remediate the vulnerability. 2. Until a patch is released, implement strict input validation and output encoding on all user-supplied data fields within LearnPress to prevent malicious script injection. 3. Deploy Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 4. Conduct regular security audits and penetration testing focused on web application vulnerabilities, including XSS, to identify and remediate weaknesses proactively. 5. Educate administrators and users about the risks of XSS and encourage cautious behavior regarding suspicious links or inputs. 6. Consider isolating or restricting access to LearnPress administrative interfaces to trusted IP ranges or via VPN to reduce exposure. 7. Implement Web Application Firewalls (WAFs) with rules designed to detect and block XSS payloads targeting LearnPress endpoints. 8. Backup LearnPress data regularly to enable recovery in case of compromise.