Product
The WP Learn Manager plugin for WordPress, in versions up to and including 1.1.8, is vulnerable to an authorization bypass (CVE-2026-12153) allowing unauthenticated attackers to install and activate arbitrary plugins from the WordPress.org repository, potentially leading to full site compromise.