AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-7916: be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress allows any registered u

mediumvulnerability

security

Source: NVD/CVE DatabaseMarch 16, 2020CVE-2020-7916

Summary

The LearnPress plugin for WordPress versions 3.2.6.5 and earlier has a privilege escalation vulnerability (CVE-2020-7916) where any registered user can assign themselves the teacher role without permission checks, allowing them to access restricted instructor data. The flaw exists in the be_teacher function within class-lp-admin-ajax.php, which can be exploited through a specific URL endpoint without additional verification.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationTrivial

Taxonomy References

CWE (Weakness Type)

CWE-269

CAPEC (Attack Pattern)

CAPEC-122

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-7916

First tracked: February 15, 2026 at 08:37 PM

Classified by LLM (prompt v3) · confidence: 95%