LearnPress – Backup & Migration Tool Security & Risk Analysis

wordpress.org/plugins/learnpress-import-export

LearnPress Export/Import bring you feature to export course, lesson, quiz, question from a LearnPress site to back up or bring to another LearnPress s …

5K active installs · v4.1.3 · PHP 7.4+ · WP 6.0+ · Updated Mar 12, 2026
Tags: e-learning, import-export, learning-management-system, learnpress
Score 57 · C · Use Caution
CVEs total: 7
Unpatched: 1
Last CVE: Feb 11, 2026
Safety Verdict

Is LearnPress – Backup & Migration Tool Safe to Use in 2026?

Use With Caution

Score 57/100

LearnPress – Backup & Migration Tool has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

7 known CVEs · 1 unpatched · Last CVE: Feb 11, 2026 · Updated 22d ago
Risk Assessment

The "learnpress-import-export" plugin version 4.1.3 presents a mixed security posture. Static analysis indicates a clean attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events exposed without authentication, and a good percentage of SQL queries use prepared statements. There are, however, significant concerns regarding output escaping and historical vulnerabilities. Only 53% of output is properly escaped, leaving room for potential Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the taint analysis identified four flows with unsanitized paths. None reached critical or high severity in this specific analysis, but they still indicate potential for file inclusion or path traversal issues if not handled correctly.

The plugin's vulnerability history is a major red flag. With a total of 7 known CVEs, including 1 critical and 1 high severity vulnerability, and one critical vulnerability remaining unpatched, the plugin has a track record of serious security flaws. The types of past vulnerabilities (Missing Authorization, PHP Remote File Inclusion, XSS, SQL Injection) are common and impactful, suggesting recurring issues in input validation and access control. The last vulnerability is recent (2026-02-11), which indicates ongoing security problems.

In conclusion, despite a seemingly secure entry point surface in this version, the high number of past vulnerabilities, the presence of unpatched critical issues, and the concerning output escaping and taint analysis results suggest a plugin that requires careful scrutiny. Users should be aware of the historical risk and the potential for unpatched vulnerabilities to be exploited. The plugin's development may not be keeping pace with security best practices, making it a potential target.

Key Concerns

  • 1 unpatched critical CVE
  • 1 unpatched high CVE
  • 4 flows with unsanitized paths
  • Output escaping only 53% proper
  • 5 medium CVEs
Vulnerabilities
7

LearnPress – Backup & Migration Tool Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2024: 3 CVEs
  • 2025: 2 CVEs · unpatched
  • 2026: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 1
  • Medium: 5

7 total CVEs

CVE-2026-1787 · medium · 4.8 · Missing Authorization

LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion

Feb 11, 2026 · Patched in 4.1.1 (10d)

CVE-2025-49992 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LearnPress Export Import <= 4.0.9 - Reflected Cross-Site Scripting

Jul 22, 2025 · Patched in 4.1.0 (220d)

CVE-2025-60200 · high · 8.1 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

LearnPress Export Import <= 4.0.9 - Unauthenticated Local File Inclusion

Jul 21, 2025 · Unpatched

CVE-2024-9609 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting

Nov 14, 2024 · Patched in 4.0.5 (1d)

CVE-2024-32588 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LearnPress Export Import <= 4.0.3 - Reflected Cross-Site Scripting

Apr 16, 2024 · Patched in 4.0.4 (10d)

CVE-2024-31241 · critical · 9.1 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

LearnPress Export Import <= 4.0.3 - Authenticated (Administrator+) SQL Injection

Apr 5, 2024 · Patched in 4.0.4 (7d)

CVE-2023-30487 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

LearnPress - Export/Import Courses <= 4.0.2 - Reflected Cross-Site Scripting

Apr 17, 2023 · Patched in 4.0.3 (281d)

Code Analysis
Analyzed Mar 16, 2026

LearnPress – Backup & Migration Tool Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 7 (82 prepared)
  • Unescaped Output: 144 (165 escaped)
  • Nonce Checks: 7
  • Capability Checks: 9
  • File Operations: 18
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

92% prepared · 89 total queries

Output Escaping

53% escaped · 309 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

4 flows · 4 with unsanitized paths
do_import (inc\admin\providers\learnpress\class-lp-import-user-data.php:148)
Attack Surface

LearnPress – Backup & Migration Tool Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 33

  • action · lpie_do_export_item_meta · inc\admin\providers\addons\assignment\class-lp-assignment-import-export.php:23
  • filter · upload_mimes · inc\admin\providers\addons\assignment\class-lp-assignment-import-export.php:26
  • filter · learn-press/import/postdata · inc\admin\providers\addons\assignment\class-lp-assignment-import-export.php:28
  • action · learn-press/import/process-type · inc\admin\providers\addons\assignment\class-lp-assignment-import-export.php:30
  • action · lpie_do_export_item_meta · inc\admin\providers\addons\h5p\class-lp-h5p-import-export.php:21
  • filter · learn-press/import/postdata · inc\admin\providers\addons\h5p\class-lp-h5p-import-export.php:24
  • action · learn-press/import/process-type · inc\admin\providers\addons\h5p\class-lp-h5p-import-export.php:27
  • action · lpie_export_view_step_1 · inc\admin\providers\learnpress\class-lp-export-learnpress.php:47
  • action · lpie_export_view_step_2 · inc\admin\providers\learnpress\class-lp-export-learnpress.php:48
  • action · lpie_export_view_step_3 · inc\admin\providers\learnpress\class-lp-export-learnpress.php:49
  • action · lpie_do_export_item_meta · inc\admin\providers\learnpress\class-lp-export-learnpress.php:51
  • action · lpie_import_view_step_1 · inc\admin\providers\learnpress\class-lp-import-learnpress.php:78
  • action · lpie_import_view_step_2 · inc\admin\providers\learnpress\class-lp-import-learnpress.php:79
  • action · lpie_import_view_step_3 · inc\admin\providers\learnpress\class-lp-import-learnpress.php:80
  • action · lpie_import_form · inc\admin\providers\learnpress\class-lp-import-user-data.php:74
  • action · lpie_import_user_step_1 · inc\admin\providers\learnpress\class-lp-import-user-data.php:77
  • action · lpie_import_user_step_2 · inc\admin\providers\learnpress\class-lp-import-user-data.php:78
  • action · lpie_import_user_step_3 · inc\admin\providers\learnpress\class-lp-import-user-data.php:79
  • action · lpie_import_user_from_server · inc\admin\providers\learnpress\class-lp-import-user-data.php:82
  • filter · lpie_export_provider_class · inc\class-lp-export.php:23
  • action · learn-press/import/process-type · inc\class-lp-import.php:31
  • action · rest_api_init · inc\LearnDashMigration\LearnDashMigrationController.php:27
  • filter · learn-press/course-sections · inc\LearnDashMigration\LP_Curriculum_Patch.php:48
  • action · admin_menu · inc\load.php:72
  • action · admin_enqueue_scripts · inc\load.php:73
  • action · admin_init · inc\load.php:74
  • action · admin_menu · inc\Migration\Controllers\AdminMenuController.php:21
  • action · admin_enqueue_scripts · inc\Migration\Controllers\EnqueueScriptsController.php:29
  • action · wp_enqueue_scripts · inc\Migration\Controllers\EnqueueScriptsController.php:30
  • action · learnpress_page_lp-migration-tool · inc\Migration\Controllers\MigrationPopupController.php:10
  • action · rest_api_init · inc\Migration\Controllers\TutorMigrationController.php:33
  • action · admin_notices · learnpress-import-export.php:114
  • action · learn-press/ready · learnpress-import-export.php:125
Maintenance & Trust

LearnPress – Backup & Migration Tool Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 12, 2026
  • PHP min version: 7.4
  • Downloads: 220K

Community Trust

  • Rating: 62/100
  • Number of ratings: 15
  • Active installs: 5K
Developer Profile

LearnPress – Backup & Migration Tool Developer Profile

ThimPress

21 plugins · 209K total installs

  • Trust score: 70
  • Avg Security Score: 87/100
  • Avg Patch Time: 265 days
Detection Fingerprints

How We Detect LearnPress – Backup & Migration Tool

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/learnpress-import-export/assets/css/backend.css
  • /wp-content/plugins/learnpress-import-export/assets/js/backend.js
  • /wp-content/plugins/learnpress-import-export/assets/css/frontend.css
  • /wp-content/plugins/learnpress-import-export/assets/js/frontend.js
Script Paths
  • /wp-content/plugins/learnpress-import-export/assets/js/backend.js
  • /wp-content/plugins/learnpress-import-export/assets/js/frontend.js
Version Parameters
  • learnpress-import-export/assets/css/backend.css?ver=
  • learnpress-import-export/assets/js/backend.js?ver=
  • learnpress-import-export/assets/css/frontend.css?ver=
  • learnpress-import-export/assets/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
lpie-export-source
HTML Comments
  • <!-- Form to select source to export -->
  • <!--view for each step-->
  • <!--main export page-->
  • <!--select export source-->
  • +1 more
Data Attributes
  • name="exporter"
  • name="step"
  • name="action"
  • name="export-nonce"
  • value="export"
JS Globals
learn_press_get_request
FAQ

Frequently Asked Questions about LearnPress – Backup & Migration Tool