WP-Safety

LearnPress – Course Review Security & Risk Analysis

wordpress.org/plugins/learnpress-course-review

LearnPress Course Review - An extension plugin for LearnPress.

30K active installs v4.2.0 PHP 7.4+ WP 6.0+ Updated Jan 16, 2026
e-learningeducationlearning-management-systemlmsreview
99
A · Safe
CVEs total1
Unpatched0
Last CVEJan 15, 2026
Plugin page Download
Safety Verdict

Is LearnPress – Course Review Safe to Use in 2026?

Generally Safe

Score 99/100

LearnPress – Course Review has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Jan 15, 2026Updated 4mo ago
Risk Assessment

The static analysis of learnpress-course-review v4.2.0 indicates a generally positive security posture with no identified critical or high severity taint flows and all SQL queries utilizing prepared statements. However, a significant concern is the low percentage of properly escaped output (44%), suggesting a risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might not be adequately sanitized before being displayed. Furthermore, the absence of nonce checks and capability checks on entry points is a major weakness. While the static analysis found no direct vulnerabilities in the current version, the vulnerability history reveals a past medium-severity XSS vulnerability. This, coupled with the high percentage of unescaped output, suggests a potential for recurring XSS issues if not addressed proactively.

Key Concerns

  • Low output escaping percentage
  • 0 nonce checks
  • 0 capability checks
  • Past medium severity vulnerability
Vulnerabilities
1 published

LearnPress – Course Review Security Vulnerabilities

CVEs by Year

1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-24361medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LearnPress – Course Review <= 4.1.9 - Authenticated (Learnpress student+) Stored Cross-Site Scripting

Jan 15, 2026 Patched in 4.2.0 (13d)
Version History

LearnPress – Course Review Release Timeline

v4.2.0Current
v4.1.91 CVE
CVE-2026-24361
v4.1.81 CVE
CVE-2026-24361
v4.1.71 CVE
CVE-2026-24361
v4.1.61 CVE
CVE-2026-24361
v4.1.51 CVE
CVE-2026-24361
v4.1.41 CVE
CVE-2026-24361
v4.1.31 CVE
CVE-2026-24361
v4.1.21 CVE
CVE-2026-24361
v4.1.11 CVE
CVE-2026-24361
v4.1.01 CVE
CVE-2026-24361
v4.0.91 CVE
CVE-2026-24361
v4.0.81 CVE
CVE-2026-24361
v4.0.71 CVE
CVE-2026-24361
v4.0.61 CVE
CVE-2026-24361
v4.0.51 CVE
CVE-2026-24361
v4.0.41 CVE
CVE-2026-24361
v4.0.31 CVE
CVE-2026-24361
v3.0.51 CVE
CVE-2026-24361
v3.0.41 CVE
CVE-2026-24361
Code Analysis
Analyzed Mar 16, 2026

LearnPress – Course Review Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
9 prepared
Unescaped Output
38
30 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared9 total queries

Output Escaping

44% escaped68 total outputs
Attack Surface

LearnPress – Course Review Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 32
actionwp_enqueue_scriptsinc\load.php:92
actionlearn-press/admin-default-stylesinc\load.php:93
filterlearn-press/course-tabsinc\load.php:94
actionwp_set_comment_statusinc\load.php:96
filterlearnPress/prepare_struct_courses_response/courseObjPrepareinc\load.php:114
filterlp/course/meta-box/fields/generalinc\load.php:124
actionlearn-press/widgets/registerinc\load.php:143
actionpre_get_commentsinc\load.php:157
filteradmin_comment_types_dropdowninc\load.php:267
filtercomment_row_actionsinc\load.php:269
filterlp_rest_api_get_rest_namespacesinc\rest-api\class-rest-api.php:12
actionlearn-press/course-review/rating-reviewsinc\TemplateHooks\CourseRatingTemplate.php:32
filterlp/rest/ajax/allow_callbackinc\TemplateHooks\CourseRatingTemplate.php:33
filterlearn-press/widget/course-filter/settingsinc\TemplateHooks\FilterCourseRatingTemplate.php:27
actionlearn-press/filter-courses/sections/field/htmlinc\TemplateHooks\FilterCourseRatingTemplate.php:29
filterlearn-press/courses/handle_params_for_query_coursesinc\TemplateHooks\FilterCourseRatingTemplate.php:31
filterlearn-press/courses/order-by/valuesinc\TemplateHooks\FilterCourseRatingTemplate.php:33
filterlp/courses/filter/order_by/ratinginc\TemplateHooks\FilterCourseRatingTemplate.php:35
actionlearn-press/widget/beforeinc\TemplateHooks\FilterCourseRatingTemplate.php:37
actionlearn-press/list-courses/layoutinc\TemplateHooks\FilterCourseRatingTemplate.php:48
filterlearn-press/single-course/modern/section_leftinc\TemplateHooks\TemplateHooks.php:30
filterlearn-press/single-course/modern/section-instructorinc\TemplateHooks\TemplateHooks.php:37
filterlearn-press/single-course/offline/section-leftinc\TemplateHooks\TemplateHooks.php:38
filterlearn-press/single-course/offline/info-barinc\TemplateHooks\TemplateHooks.php:47
filterlearn-press/layout/list-courses/item/section/bottominc\TemplateHooks\TemplateHooks.php:54
actionlearn-press/course-meta-primary-leftinc\TemplateHooks\TemplateHooks.php:56
filtercomment_textinc\TemplateHooks\TemplateHooks.php:59
actionadd_meta_boxesinc\TemplateHooks\TemplateHooks.php:60
actionedit_commentinc\TemplateHooks\TemplateHooks.php:61
actionadmin_menuinc\TemplateHooks\TemplateHooks.php:63
actionadmin_noticeslearnpress-course-review.php:79
actionlearn-press/readylearnpress-course-review.php:91
Maintenance & Trust

LearnPress – Course Review Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 16, 2026
PHP min version7.4
Downloads1.2M

Community Trust

Rating50/100
Number of ratings8
Active installs30K
Alternatives

LearnPress – Course Review Alternatives

LearnPress – Course Wishlist

LearnPress – Course Wishlist

learnpress-wishlist

A
100

LearnPress Wishlist add wishlist feature to your LearnPress course in your site.

20K No CVEs
LearnPress – Prerequisites Courses

LearnPress – Prerequisites Courses

learnpress-prerequisites-courses

A
100

LearnPress Prerequisites is an add-on for LearnPress allow you to set prerequisite courses for a certain course in a LearnPress site.

6K No CVEs
LearnPress – bbPress Integration

LearnPress – bbPress Integration

learnpress-bbpress

A
92

bbPress addon for LearnPress is a plugin which bring bbPress features to LearnPress - WordPress LMS Plugin.

2K No CVEs
LearnPress – BuddyPress Integration

LearnPress – BuddyPress Integration

learnpress-buddypress

A
100

LearnPress buddyPress bring wonderful profile page for LearnPress.

2K No CVEs
SkillTriks

SkillTriks

skilltriks

A
100

Transform your WordPress site into a dynamic Learning Management System (LMS) using our innovative WordPress LMS Plugin.

0 No CVEs
Developer Profile

LearnPress – Course Review Developer Profile

ThimPress

21 plugins · 209K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
252 days
View full developer profile
Detection Fingerprints

How We Detect LearnPress – Course Review

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/learnpress-course-review/assets/css/course-review.css/wp-content/plugins/learnpress-course-review/assets/js/course-review.js
Script Paths
/wp-content/plugins/learnpress-course-review/assets/js/course-review.js
Version Parameters
learnpress-course-review/assets/css/course-review.css?ver=learnpress-course-review/assets/js/course-review.js?ver=

HTML / DOM Fingerprints

CSS Classes
lp-course-reviewcourse-review-wrappercourse-review-formcourse-reviews-listcourse-review-itemlp-course-rating
HTML Comments
<!-- Course Review --><!-- Course Review Form --><!-- Course Reviews List -->
Data Attributes
data-course-iddata-rating
JS Globals
lpCourseReviewlp_course_review_params
REST Endpoints
/wp-json/lp/v1/courses/reviews
Shortcode Output
[course_review]
FAQ

Frequently Asked Questions about LearnPress – Course Review