CVE-2023-6223: 
WordPress vulnerability analysis and mitigation

The LearnPress WordPress plugin was found to contain an Insecure Direct Object Reference (IDOR) vulnerability, identified as CVE-2023-6223. This security flaw affects all versions of the plugin up to and including version 4.2.5.7. The vulnerability was discovered in the WordPress plugin's functionality related to the /wp- endpoint (NVD).

The vulnerability has been assigned a CVSS v3.1 score indicating a low to moderate severity level with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This scoring suggests that the vulnerability requires network access and low privileges to exploit, requires no user interaction, and can potentially lead to limited confidentiality impact (Wordfence).

The vulnerability could potentially allow authenticated users to access information through insecure direct object references that they should not have permission to view (NVD).

Website administrators running affected versions of the LearnPress plugin should update to a patched version as soon as it becomes available. The vulnerability was addressed in a subsequent release, as evidenced by the plugin's changelog (WordPress Trac).