CVE Catalog

CVE-2026-7565

MediumCVSS 4.9
Published: Updated: Translated: NVD NIST

Summary

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to and including 4.1.4 via the 'import-user-file' parameter. This allows authenticated attackers with administrator-level access and above to read the contents of arbitrary files on the server.

Risk Assessment

Attackers may gain access to sensitive information stored in files on the server, potentially leading to serious data security breaches.

Recommendation

It is recommended to update the plugin to the latest version and restrict access to import parameters only to trusted users.

Original NVD description (English source)

The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS