CVE-2026-7648 — The LearnPress – WordPress LMS Plugin for Create and Sell

/MEDIUM /CVSS 4.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-639
CVE-2026-7648 — The LearnPress – WordPress LMS Plugin for Create and Sell

CVE-2026-7648 — The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to payment bypass through user-controlled key in all versions up to, and including, 4.3.5. This is due to improper handling of user-supplied request parameters in the REST API

What This Means For You

  • If your environment is affected by CWE-639, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-7648 updates and patches.

Related ATT&CK Techniques

T1078.004 Cloud Accounts Initial Access T1505.003 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1505.003 Persistence

CVE-2026-7648 - LearnPress Payment Bypass via Zero Quantity

Sigma YAML — free preview 
title: CVE-2026-7648 - LearnPress Payment Bypass via Zero Quantity
id: scw-2026-05-14-ai-1
status: experimental
level: high
description: |
  Detects the specific payment bypass vulnerability in the LearnPress WordPress plugin (CVE-2026-7648). Attackers with subscriber-level access can enroll in paid courses for free by manipulating the 'quantity' parameter to '0' in the add_to_cart AJAX request, causing the order total to be $0 and bypassing payment gateway checks.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-7648/
tags:
  - attack.persistence
  - attack.t1505.003
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/wp-admin/admin-ajax.php'
      cs-uri-query|contains:
          - 'action=add_to_cart'
      cs-uri-query|contains:
          - 'quantity=0'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-7648 vulnerability CVE-2026-7648
CWE-639 weakness CWE-639

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 14, 2026 at 08:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8280 — GitLab CE/EE Affecting All Versions From 8.3 Before 18.9.7, Denial of Service

CVE-2026-8280 — GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-770
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 3 Sigma

CVE-2026-8181: WordPress Burst Statistics Plugin Critical Auth Bypass

CVE-2026-8181 — The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to Authentication Bypass in versions 3.4.0 to 3.4.1.1....

vulnerabilityCVEcriticalhigh-severityprivilege-escalationcwe-287
/SCW Vulnerability Desk /CRITICAL /9.8 /⚑ 3 IOCs /⚙ 6 Sigma

GitLab CVE-2026-7481: Developer XSS Vulnerability Patched

CVE-2026-7481 — GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that...

vulnerabilityCVEhigh-severitycwe-79
/SCW Vulnerability Desk /HIGH /8.7 /⚑ 4 IOCs /⚙ 3 Sigma