CVE-2026-3226: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering d
medium vulnerability
security
Summary
The LearnPress WordPress plugin (up to version 4.3.2.8) has a security flaw where it sends emails without checking user permissions properly. An authenticated attacker with basic subscriber access can trick the plugin into sending fake emails to administrators and instructors, which could be used for spam, social engineering (manipulating people through deception), or impersonating admin decisions.
Vulnerability Details
CVSS Score
4.3 (medium)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
network
Attack Complexity
low
Privileges Required
low
User Interaction
none
Disclosure Date
March 11, 2026
Classification
Attack Sophistication
Trivial
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-3226
First tracked: March 12, 2026 at 12:07 AM
Classified by LLM (prompt v3) · confidence: 95%