Analysis Report Folder Analysis cache/learnpress_4.3.2 → cache/learnpress_4.3.2.1 - CVE-2025-13964

Shared security patch analysis results

AI Used: claude_cli haiku
inc/rest-api/class-lp-core-api.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/inc/rest-api/class-lp-core-api.php	2026-01-08 00:36:49.996235183 +0000+++ cache/learnpress_4.3.2.1/inc/rest-api/class-lp-core-api.php	2026-01-07 00:41:19.185190753 +0000@@ -51,7 +51,6 @@ 			'LP_REST_Courses_Controller', 			'LP_REST_Lazy_Load_Controller', 			'LP_REST_Profile_Controller',-			'LP_REST_Orders_Controller', 			'LP_REST_Widgets_Controller', 			'LP_REST_Addon_Controller', 			'LP_Rest_Material_Controller',
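Review bot: Dropping 'LP_REST_Orders_Controller' from the controller list at line 54 leaves the reason for the removal and the fate of the class itself undocumented; nothing in this hunk shows whether the class file is deleted or whether its routes are registered elsewhere. If the routes are being withdrawn because of their access checks, state that in the changelog and remove the class as well so it cannot be re-added to the list by mistake; if the controller is simply unused, a one-line commit note saying so would let reviewers confirm that no client depends on the endpoints that disappear with it.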
AI Analysis
Vulnerability Existed: no
[No CWE] - [N/A] - inc/rest-api/class-lp-core-api.php [54]

Old Code:
```php
'LP_REST_Orders_Controller',
```

Fixed Code:
```php
// (line removed)
```

Explanation:
This change removes the registration of the 'LP_REST_Orders_Controller' from the controllers list. This is a removal of functionality rather than a security fix. Without additional context about what this controller does, there is no evidence that this change fixes a security vulnerability. It appears to be a feature removal or deprecation. The removal itself does not address any known vulnerability pattern (such as input validation, authentication, authorization, injection, etc.). This would need to be evaluated in the context of what the Orders Controller actually does and why it was removed, but based solely on this diff, no security vulnerability fix is evident.
CVE Analysis Results:
CVE-2025-13964: No
CVE Description:
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents by adding/removing/updating/re-ordering sections or modifying section items.
learnpress.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/learnpress.php	2026-01-08 00:36:50.224249001 +0000+++ cache/learnpress_4.3.2.1/learnpress.php	2026-01-07 00:41:19.457207323 +0000@@ -1,1044 +1,1044 @@-<?php
-/**
- * Plugin Name: LearnPress
- * Plugin URI: https://thimpress.com/learnpress
- * Description: LearnPress is a WordPress complete solution for creating a Learning Management System (LMS). It can help you to create courses, lessons and quizzes.
- * Author: ThimPress
- * Version: 4.3.2
- * Author URI: http://thimpress.com
- * Requires at least: 6.0
- * Requires PHP: 7.4
- * Text Domain: learnpress
- * Domain Path: /languages/
- *
- * @package LearnPress
- */
-
-use LearnPress\Ajax\EditQuestionAjax;
-use LearnPress\Ajax\EditQuizAjax;
-use LearnPress\Ajax\LessonAjax;
-use LearnPress\Ajax\LoadContentViaAjax;
-use LearnPress\Ajax\AI\OpenAiAjax;
-use LearnPress\Background\LPBackgroundTrigger;
-use LearnPress\ExternalPlugin\Elementor\LPElementor;
-use LearnPress\ExternalPlugin\RankMath\LPRankMath;
-use LearnPress\ExternalPlugin\YoastSeo\LPYoastSeo;
-use LearnPress\Gutenberg\GutenbergHandleMain;
-use LearnPress\Ajax\EditCurriculumAjax;
-use LearnPress\Ajax\SendEmailAjax;
-use LearnPress\Models\CourseModel;
-use LearnPress\Models\UserModel;
-use LearnPress\Shortcodes\Course\FilterCourseShortcode;
-use LearnPress\Shortcodes\CourseButtonShortcode;
-use LearnPress\Shortcodes\ListInstructorsShortcode;
-use LearnPress\Shortcodes\SingleInstructorShortcode;
-use LearnPress\Shortcodes\CourseMaterialShortcode;
-use LearnPress\TemplateHooks\Admin\AI\AdminCreateCourseAITemplate;
-use LearnPress\TemplateHooks\Admin\AI\AdminEditCourseCurriculumWithAITemplate;
-use LearnPress\TemplateHooks\Admin\AI\AdminEditWithAITemplate;
-use LearnPress\TemplateHooks\Admin\AdminEditQizTemplate;
-use LearnPress\TemplateHooks\Admin\AdminEditQuestionTemplate;
-use LearnPress\TemplateHooks\Course\AdminEditCurriculumTemplate;
-use LearnPress\TemplateHooks\Course\FilterCourseTemplate;
-use LearnPress\TemplateHooks\Course\ListCoursesRelatedTemplate;
-use LearnPress\TemplateHooks\Course\ListCoursesTemplate;
-use LearnPress\TemplateHooks\Course\SingleCourseModernLayout;
-use LearnPress\TemplateHooks\Course\SingleCourseOfflineTemplate;
-use LearnPress\TemplateHooks\Course\SingleCourseClassicTemplate;
-use LearnPress\TemplateHooks\Course\SingleCourseTemplate;
-use LearnPress\TemplateHooks\Instructor\ListInstructorsTemplate;
-use LearnPress\TemplateHooks\Instructor\SingleInstructorTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileCoursesTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileGeneralInfoTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileInstructorStatisticsTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileQuizzesTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileOrdersTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileOrderTemplate;
-use LearnPress\TemplateHooks\Profile\ProfileStudentStatisticsTemplate;
-use LearnPress\TemplateHooks\Course\CourseMaterialTemplate;
-use LearnPress\TemplateHooks\Order\AdminOrderItemsTemplate;
-use LearnPress\Widgets\LPRegisterWidget;
-use LearnPress\WPGDPR\ErasePersonalData;
-use LearnPress\WPGDPR\ExportPersonalData;
-
-defined( 'ABSPATH' ) || exit();
-
-if ( ! class_exists( 'LearnPress' ) ) {
-	/**
-	 * Class LearnPress
-	 *
-	 * Version 3.0.1
-	 */
-	class LearnPress {
-		/**
-		 * Current version of the plugin
-		 *
-		 * @var string
-		 */
-		public $version = '';
-		/**
-		 * Version database require, use for this LP source
-		 *
-		 * @var int
-		 */
-		public $db_version = 5;
-
-		/**
-		 * The single instance of the class
-		 *
-		 * @var LearnPress object
-		 */
-		private static $_instance = null;
-
-		/**
-		 * Store the session class
-		 *
-		 * @var LP_Session_Handler
-		 */
-		public $session = null;
-
-		/**
-		 * @var LP_Cart object
-		 */
-		public $cart = false;
-
-		/**
-		 * @var LP_Settings
-		 */
-		public $settings = null;
-
-		/**
-		 * @var array
-		 */
-		public $query_vars = array();
-
-		/**
-		 * @var array
-		 */
-		public $global = array();
-
-		/**
-		 * @var LP_Template
-		 */
-		public $template = null;
-
-		/**
-		 * @var LP_Core_API
-		 */
-		public $api = null;
-
-		/**
-		 * @var LP_Admin_Core_API
-		 */
-		public $admin_api = null;
-
-		/**
-		 * @var string
-		 */
-		public $thim_core_version_require = '2.0.0';
-
-		public static $time_limit_default_of_sever = 0;
-
-		/**
-		 * LearnPress constructor.
-		 */
-		private function __construct() {
-			/*if ( isset( $_POST['action'] ) && 'heartbeat' === $_POST['action'] ) {
-				return;
-			}*/
-
-			try {
-				$this->prepare_before_handle();
-
-				if ( ! LP_Install::instance()->tables_install_done() ) {
-					return;
-				}
-
-				// Must handle in hook init of WordPress, when loaded plugins, theme, user.
-				add_action( 'init', [ $this, 'lp_main_handle' ], - 1000 );
-
-				// hooks .
-				$this->hooks();
-			} catch ( Throwable $e ) {
-				error_log( __METHOD__ . ': ' . $e->getMessage() );
-			}
-		}
-
-		/**
-		 * Prepare before handle.
-		 * 1.Load constants and includes files.
-		 * 2.Get default time limit of server.
-		 * 3.Update version of LP undefined.
-		 *
-		 * @return void
-		 * @since 4.2.7.6
-		 * @version 1.0.0
-		 */
-		public function prepare_before_handle() {
-			// Define constant .
-			$this->plugin_defines();
-
-			self::$time_limit_default_of_sever = ini_get( 'max_execution_time' );
-
-			// Update for case compare version of LP if LEARNPRESS_VERSION undefined
-			$this->version = LEARNPRESS_VERSION;
-			if ( is_admin() ) {
-				$learn_press_version = get_option( 'learnpress_version', '' );
-				if ( $learn_press_version !== $this->version ) {
-					if ( empty( $learn_press_version ) ) { // Case user install new
-						// Set using modern layout for new installation.
-						update_option( 'learn_press_layout_single_course', 'modern' );
-					}
-
-					update_option( 'learnpress_version', $this->version );
-				}
-			}
-
-			// define table prefixes .
-			$this->define_tables();
-
-			// Include files .
-			$this->includes();
-		}
-
-		/**
-		 * Define constant.
-		 */
-		protected function plugin_defines() {
-			if ( ! defined( 'LP_PLUGIN_FILE' ) ) {
-				define( 'LP_PLUGIN_FILE', __FILE__ );
-				include_once 'inc/lp-constants.php';
-			}
-		}
-
-		/**
-		 * Defines database table names.
-		 */
-		public function define_tables() {
-			global $wpdb;
-
-			$tables = array(
-				'sessions',
-				'sections',
-				'section_items',
-				'user_items',
-				'user_itemmeta',
-				'user_item_results',
-				'order_items',
-				'order_itemmeta',
-				'quiz_questions',
-				'question_answers',
-				'question_answermeta',
-			);
-
-			foreach ( $tables as $short_name ) {
-				$table_name            = $wpdb->prefix . LP_TABLE_PREFIX . $short_name;
-				$backward_key          = 'learnpress_' . $short_name;
-				$wpdb->{$backward_key} = $table_name;
-			}
-		}
-
-		/**
-		 * Includes needed files.
-		 */
-		public function includes() {
-			include_once LP_PLUGIN_PATH . 'vendor/autoload.php';
-
-			// Include required files load anywhere, both frontend and backend.
-			$this->include_files_global();
-
-			// include files when LP ready run - after setup success .
-			if ( ! LP_Install::instance()->tables_install_done() ) {
-				return;
-			}
-
-			// Include required files Backend.
-			$this->include_files_admin();
-
-			// Include required files Frontend.
-			$this->include_files_frontend();
-
-			new LP_Query();
-		}
-
-		/**
-		 * load files anywhere, both frontend and backend
-		 *
-		 * @return void
-		 */
-		private function include_files_global() {
-
-			// Filter query .
-			include_once 'inc/Filters/class-lp-filter.php';
-			include_once 'inc/Filters/class-lp-post-type-filter.php';
-			include_once 'inc/Filters/class-lp-post-meta-filter.php';
-			include_once 'inc/Filters/class-lp-user-filter.php';
-			include_once 'inc/Filters/class-lp-course-filter.php';
-			include_once 'inc/Filters/class-lp-course-json-filter.php';
-			include_once 'inc/Filters/class-lp-order-filter.php';
-			include_once 'inc/Filters/class-lp-session-filter.php';
-			include_once 'inc/Filters/class-lp-section-filter.php';
-			include_once 'inc/Filters/class-lp-section-items-filter.php';
-			include_once 'inc/Filters/class-lp-question-filter.php';
-			include_once 'inc/Filters/class-lp-quiz-filter.php';
-			include_once 'inc/Filters/class-lp-user-items-filter.php';
-			include_once 'inc/Filters/class-lp-user-item-meta-filter.php';
-			include_once 'inc/Filters/class-lp-quiz-filter.php';
-			include_once 'inc/Filters/class-lp-quiz-questions-filter.php';
-			include_once 'inc/Filters/class-lp-question-answers-filter.php';
-			include_once 'inc/Filters/class-lp-question-answermeta-filter.php';
-
-			// Query Database .
-			include_once 'inc/Databases/class-lp-db.php';
-			include_once 'inc/Databases/class-lp-course-json-db.php';
-			include_once 'inc/Databases/class-lp-order-db.php';
-			include_once 'inc/Databases/class-lp-post-db.php';
-			include_once 'inc/Databases/class-lp-post-meta-db.php';
-			include_once 'inc/Databases/class-lp-user-db.php';
-			include_once 'inc/Databases/class-lp-course-db.php';
-			include_once 'inc/Databases/class-lp-lesson-db.php';
-			include_once 'inc/Databases/class-lp-section-db.php';
-			include_once 'inc/Databases/class-lp-section-items-db.php';
-			include_once 'inc/Databases/class-lp-quiz-db.php';
-			include_once 'inc/Databases/class-lp-quiz-questions-db.php';
-			include_once 'inc/Databases/class-lp-question-answers-db.php';
-			include_once 'inc/Databases/class-lp-sessions-db.php';
-			include_once 'inc/Databases/class-lp-question-db.php';
-			include_once 'inc/Databases/class-lp-user-items-db.php';
-			include_once 'inc/Databases/class-lp-user-item-meta-db.php';
-			include_once 'inc/Databases/class-lp-user-item-results-db.php';
-			include_once 'inc/Databases/class-thim-cache-db.php';
-			include_once 'inc/Databases/class-lp-material-db.php';
-			include_once 'inc/Databases/class-lp-statistics-db.php';
-
-			// File system .
-			include_once 'inc/class-lp-file-system.php';
-
-			// File helper
-			include_once 'inc/class-lp-helper.php';
-
-			// Template Hooks.
-			ListCoursesTemplate::instance();
-			ListCoursesRelatedTemplate::instance();
-			ListInstructorsTemplate::instance();
-			SingleCourseTemplate::instance();
-			SingleCourseOfflineTemplate::instance();
-			SingleCourseModernLayout::instance();
-			SingleCourseClassicTemplate::instance();
-			SingleInstructorTemplate::instance();
-			ProfileInstructorStatisticsTemplate::instance();
-			ProfileStudentStatisticsTemplate::instance();
-			ProfileOrdersTemplate::instance();
-			ProfileOrderTemplate::instance();
-			ProfileGeneralInfoTemplate::instance();
-			FilterCourseTemplate::instance();
-			ProfileQuizzesTemplate::instance();
-			ProfileCoursesTemplate::instance();
-
-			// Admin template hooks.
-			AdminEditCurriculumTemplate::instance();
-			AdminEditQizTemplate::instance();
-			AdminEditQuestionTemplate::instance();
-			CourseMaterialTemplate::instance();
-			AdminOrderItemsTemplate::instance();
-			AdminCreateCourseAITemplate::instance();
-			AdminEditWithAITemplate::instance();
-			AdminEditCourseCurriculumWithAITemplate::instance();
-			// WP GDPR
-			ErasePersonalData::instance();
-			ExportPersonalData::instance();
-
-			// Models
-			include_once 'inc/Models/class-lp-rest-response.php';
-			include_once 'inc/Models/steps/class-lp-group-step.php';
-			include_once 'inc/Models/steps/class-lp-step.php';
-			include_once 'inc/Models/class-lp-course-extra-info-fast-query-model.php';
-
-			// Handle steps.
-			include_once 'inc/handle-steps/class-lp-handle-steps.php';
-			include_once 'inc/handle-steps/class-lp-handle-upgrade-db-steps.php';
-
-			// LP Cache
-			include_once 'inc/cache/class-lp-cache.php';
-			include_once 'inc/cache/class-lp-courses-cache.php';
-			include_once 'inc/cache/class-lp-course-cache.php';
-			include_once 'inc/cache/class-lp-quiz-cache.php';
-			include_once 'inc/cache/class-lp-question-cache.php';
-			include_once 'inc/cache/class-lp-session-cache.php';
-			include_once 'inc/cache/class-lp-settings-cache.php';
-			include_once 'inc/cache/class-lp-user-items-cache.php';
-
-			// Background processes.
-			LPBackgroundTrigger::instance();
-			include_once 'inc/libraries/wp-background-process/wp-background-processing.php';
-			include_once 'inc/background-process/abstract-lp-async-request.php';
-			//include_once 'inc/background-process/abstract-lp-async-task.php';
-			include_once 'inc/background-process/class-lp-background-single-course.php';
-			include_once 'inc/background-process/class-lp-background-single-email.php';
-
-			// Assets object
-			include_once 'inc/class-lp-asset-key.php';
-			include_once 'inc/abstracts/abstract-assets.php';
-
-			// Debug class
-			include_once 'inc/class-lp-debug.php';
-
-			include_once 'inc/class-lp-settings.php';
-			include_once 'inc/abstract-settings.php';
-			include_once 'inc/settings/abstract-settings-page.php';
-			include_once 'inc/settings/class-lp-settings-courses.php';
-			include_once 'inc/class-lp-global.php';
-			include_once 'inc/class-lp-datetime.php';
-
-			// Register custom-post-type and taxonomies .
-			/*include_once 'inc/custom-post-types/abstract.php';
-			include_once 'inc/custom-post-types/course.php';
-			include_once 'inc/custom-post-types/lesson.php';
-			include_once 'inc/custom-post-types/quiz.php';
-			include_once 'inc/custom-post-types/question.php';
-			include_once 'inc/custom-post-types/order.php';*/
-
-			include_once 'inc/interfaces/interface-curd.php';
-			include_once 'inc/abstracts/abstract-array-access.php';
-			include_once 'inc/abstracts/abstract-object-data.php';
-			include_once 'inc/abstracts/abstract-post-data.php';
-
-			include_once 'inc/curds/class-lp-course-curd.php';
-			include_once 'inc/curds/class-lp-section-curd.php';
-			include_once 'inc/curds/class-lp-lesson-curd.php';
-			include_once 'inc/curds/class-lp-quiz-curd.php';
-			include_once 'inc/curds/class-lp-question-curd.php';
-			include_once 'inc/curds/class-lp-order-curd.php';
-			include_once 'inc/curds/class-lp-user-curd.php';
-			include_once 'inc/curds/class-lp-user-item-curd.php';
-
-			include_once 'inc/course/class-lp-course-item.php';
-			include_once 'inc/question/class-lp-question.php';
-			include_once 'inc/course/class-lp-course-section.php';
-			include_once 'inc/course/class-lp-course-no-required-enroll.php';
-			include_once 'inc/user-item/class-lp-user-item.php';
-			include_once 'inc/user-item/class-lp-user-item-course.php';
-
-			include_once 'inc/lp-deprecated.php'; // Will remove if Eduma and guest update all 4.0.0
-			include_once 'inc/lp-core-functions.php';
-			include_once 'inc/class-lp-autoloader.php';
-
-			include_once 'inc/lp-webhooks.php'; // Addon learnpress-2checkout-payment v4.0.1 is using, when update v4.0.2 don't need load it.
-			include_once 'inc/class-lp-request-handler.php';
-
-			include_once 'inc/admin/helpers/class-lp-plugins-helper.php';
-
-			// Todo: tungnx check those files.
-			include_once 'inc/abstracts/abstract-object-query.php';
-			include_once 'inc/class-lp-course-query.php';
-			include_once 'inc/abstracts/abstract-addon.php';
-			include_once 'inc/class-lp-thumbnail-helper.php';
-			include_once 'inc/cache.php';
-
-			// Class handle check db of LP need to upgrade?
-			include_once 'inc/admin/class-lp-updater.php';
-
-			include_once 'inc/course/lp-course-functions.php';
-			include_once 'inc/course/abstract-course.php';
-			include_once 'inc/course/class-lp-course.php';
-			include_once 'inc/quiz/lp-quiz-functions.php';
-			include_once 'inc/quiz/class-lp-quiz.php';
-			//include_once 'inc/lesson/lp-lesson-functions.php';
-			include_once 'inc/order/lp-order-functions.php';
-			include_once 'inc/order/class-lp-order.php';
-
-			include_once 'inc/user/lp-user-functions.php';
-			include_once 'inc/user/class-lp-user-factory.php';
-			include_once 'inc/user/abstract-lp-user.php';
-			include_once 'inc/user/class-lp-user.php';
-			include_once 'inc/user/class-lp-profile.php';
-			include_once 'inc/user-item/class-lp-user-item.php';
-			include_once 'inc/user-item/class-lp-user-item-course.php';
-			include_once 'inc/user-item/class-lp-user-item-quiz.php';
-			include_once 'inc/user-item/class-lp-quiz-results.php';
-
-			// Shortcodes.
-			SingleInstructorShortcode::instance();
-			ListInstructorsShortcode::instance();
-			CourseMaterialShortcode::instance();
-			CourseButtonShortcode::instance();
-			FilterCourseShortcode::instance();
-			//ListCourseRecentShortcode::instance();
-			include_once 'inc/class-lp-shortcodes.php';
-
-			// include template functions .
-			include_once 'inc/lp-template-functions.php';
-			include_once 'inc/templates/abstract-template.php';
-			//include_once 'inc/class-lp-template.php';
-
-			// Cart
-			include_once 'inc/cart/class-lp-cart.php';
-			include_once 'inc/cart/lp-cart-functions.php';
-
-			// Block Templates
-			//include_once 'inc/block-template/class-abstract-block-template.php';
-			//include_once 'inc/block-template/class-block-template-handle.php';
-			GutenbergHandleMain::instance();
-
-			// API
-			include_once 'inc/abstracts/abstract-rest-api.php';
-			include_once 'inc/abstracts/abstract-rest-controller.php';
-			include_once 'inc/rest-api/class-lp-core-api.php';
-			include_once 'inc/rest-api/class-lp-admin-core-api.php';
-
-			/** Jwt */
-			include_once 'inc/jwt/class-jwt-auth.php';
-
-			LPRegisterWidget::instance();
-			include_once 'inc/class-lp-widget.php';
-			include_once 'inc/lp-widget-functions.php';
-
-			// TODO: update frontend editor before move to function include_files_admin.
-			include_once 'inc/admin/views/meta-boxes/class-lp-meta-box.php';
-
-			include_once 'inc/class-lp-page-controller.php';
-			LP_Page_Controller::instance();
-
-			include_once 'inc/gateways/class-lp-gateway-abstract.php';
-			include_once 'inc/gateways/class-lp-gateways.php';
-		}
-
-		/**
-		 * Include file run on backend
-		 */
-		private function include_files_admin() {
-			if ( ! is_admin() ) {
-				return;
-			}
-
-			include_once 'inc/admin/class-lp-admin-ajax.php';
-
-			include_once 'inc/admin/class-lp-admin-notice.php';
-
-			// File handle install LP
-			include_once 'inc/class-lp-install.php';
-
-			// Meta box helper
-			include_once 'inc/admin/meta-box/class-lp-meta-box-helper.php';
-
-			include_once 'inc/admin/class-lp-admin.php';
-			// include_once 'inc/admin/settings/abstract-settings-page.php';
-		}
-
-		/**
-		 * Include file run on frontend
-		 */
-		private function include_files_frontend() {
-			if ( is_admin() ) {
-				return;
-			}
-
-			include_once 'inc/class-lp-assets.php';
-
-			include_once 'inc/course/class-model-user-can-view-course-item.php';
-
-			include_once 'inc/class-lp-ajax.php';
-
-			include_once 'inc/class-lp-session-handler.php';
-		}
-
-		/**
-		 * Main instance of LearnPress.
-		 * Must load on "init" hook of WordPress.
-		 * 1. Load text domain.
-		 * 2. Handle lp ajax.
-		 *
-		 * @return void
-		 * @version 4.2.7.6
-		 * @version 1.0.2
-		 */
-		public function lp_main_handle() {
-			try {
-				// Load text domain.
-				$this->load_plugin_text_domain();
-
-				// Register custom post type and taxonomies .
-				include_once 'inc/custom-post-types/abstract.php';
-				include_once 'inc/custom-post-types/course.php';
-				include_once 'inc/custom-post-types/lesson.php';
-				include_once 'inc/custom-post-types/quiz.php';
-				include_once 'inc/custom-post-types/question.php';
-				include_once 'inc/custom-post-types/order.php';
-
-				// Polylang
-				if ( defined( 'POLYLANG_VERSION' ) ) {
-					include_once 'inc/ExternalPlugin/Polylang/class-lp-polylang.php';
-					LP_Polylang::instance();
-				}
-
-				// For plugin Elementor
-				if ( defined( 'ELEMENTOR_VERSION' ) ) {
-					LPElementor::instance();
-				}
-
-				// For plugin WPSEO
-				if ( defined( 'WPSEO_FILE' ) ) {
-					LPYoastSeo::instance();
-				}
-
-				// For plugin RankMath
-				if ( defined( 'RANK_MATH_VERSION' ) ) {
-					LPRankMath::instance();
-				}
-
-				$this->api       = new LP_Core_API();
-				$this->admin_api = new LP_Admin_Core_API();
-				$this->get_session();
-				$this->settings = $this->settings();
-				$this->get_cart();
-
-				// Init emails
-				LP_Emails::instance();
-				// Email hook notify
-				include_once 'inc/emails/class-lp-email-hooks.php';
-
-				if ( is_admin() ) {
-					$this->check_addons_version_valid();
-				}
-
-				// let third parties know that we're ready .
-				do_action( 'learn-press/ready' );
-
-				// For addon sorting choice old <= v4.0.1
-				if ( class_exists( 'LP_Addon_Sorting_Choice_Preload' ) ) {
-					if ( version_compare( LP_ADDON_SORTING_CHOICE_VER, '4.0.1', '<=' ) ) {
-						$lp_addon_sorting_choice = new LP_Addon_Sorting_Choice();
-						$lp_addon_sorting_choice->init();
-					}
-				}
-
-				/**
-				 * Init gateways, to load all payment gateways, catch callback.
-				 * Must be call after learn-press/ready to register hook of addon.
-				 */
-				LP_Gateways::instance();
-
-				/**
-				 * Fixed temporary for emails of Announcement v4.0.6, Assignment v4.1.1 addons.
-				 * @since 4.2.7.4
-				 * When 2 addons update to new version, will remove this code.
-				 */
-				if ( class_exists( 'LP_Addon_Announcements_Preload' ) ) {
-					if ( version_compare( LP_ADDON_ANNOUNCEMENTS_VER, '4.0.6', '<=' ) ) {
-						$addon_announcement = LP_Addon_Announcements_Preload::$addon;
-						$addon_announcement->emails_setting();
-					}
-				}
-				if ( class_exists( 'LP_Addon_Assignment_Preload' ) ) {
-					if ( version_compare( LP_ADDON_ASSIGNMENT_VER, '4.1.1', '<=' ) ) {
-						$addon_assignment = LP_Addon_Assignment_Preload::$addon;
-						$addon_assignment->emails_setting();
-					}
-				}
-			} catch ( Throwable $e ) {
-				LP_Debug::error_log( $e );
-			}
-		}
-
-		/**
-		 * Check version addons valid version require.
-		 * If not valid will be to deactivate.
-		 * Reload page, so not affect to hook "learn-press/ready"
-		 */
-		public function check_addons_version_valid() {
-			$addons_valid = true;
-			$plugins      = get_option( 'active_plugins' );
-
-			$list_lp_addon_activated = preg_grep( '/^learnpress-.*/i', $plugins );
-			foreach ( $list_lp_addon_activated as $lp_addon ) {
-				$lp_addon_info = get_file_data(
-					WP_PLUGIN_DIR . '/' . $lp_addon,
-					array(
-						'Require_LP_Version' => 'Require_LP_Version',
-						'Version'            => 'Version',
-					)
-				);
-
-				$lp_addon_version = $lp_addon_info['Version'];
-
-				$addon                  = new Lp_Addon();
-				$addon->version         = $lp_addon_version;
-				$addon->plugin_base     = $lp_addon;
-				$addon->require_version = $lp_addon_info['Require_LP_Version'];
-				$addon_valid            = $addon->check_require_version_addon();
-
-				if ( $addons_valid ) {
-					$addon_valid = $addon->check_require_version_lp();
-				}
-
-				if ( ! $addon_valid ) {
-					$addons_valid = false;
-				}
-			}
-		}
-
-		/**
-		 * Initial common hooks
-		 */
-		public function hooks() {
-			/**
-			 * Handle lp ajax.
-			 * Set priority after register_post_type to register capabilities for post type of LP.
-			 */
-			add_action(
-				'init',
-				function () {
-					LoadContentViaAjax::catch_lp_ajax();
-					LessonAjax::catch_lp_ajax();
-					EditCurriculumAjax::catch_lp_ajax();
-					EditQuizAjax::catch_lp_ajax();
-					EditQuestionAjax::catch_lp_ajax();
-					SendEmailAjax::catch_lp_ajax();
-					OpenAiAjax::catch_lp_ajax();
-
-					do_action( 'learn-press/register-ajax-handlers' );
-				},
-				11
-			);
-
-			// Add links setting|document|addon on plugins page.
-			add_filter( 'plugin_action_links_' . LP_PLUGIN_BASENAME, array( $this, 'plugin_links' ) );
-
-			register_activation_hook( LP_PLUGIN_FILE, array( $this, 'on_activate' ) );
-			register_deactivation_hook( LP_PLUGIN_FILE, array( $this, 'on_deactivate' ) );
-
-			add_action(
-				'plugin_loaded',
-				function ( $plugin ) {
-					// For check wp_remote call normally of WP
-					if ( ! empty( LP_Request::get_param( 'lp_test_wp_remote' ) ) ) {
-						echo '[TEST_REMOTE]';
-						die;
-					}
-				}
-			);
-
-			// Check require version thim-core on Backend.
-			if ( is_admin() ) {
-				add_action( 'before_thim_core_init', array( $this, 'check_thim_core_version_require' ) );
-			}
-
-			// Save key purchase addon when install via file download from Thimpress.
-			add_action(
-				'upgrader_process_complete',
-				function ( $plugin_upgrader ) {
-					if ( ! empty( $plugin_upgrader->result ) ) {
-						$res         = $plugin_upgrader->result;
-						$path_source = $res['destination'] ?? '';
-						if ( empty( $path_source ) ) {
-							return;
-						}
-
-						$key_purchase_path = realpath( $path_source . '/purchase-code.txt' );
-						if ( file_exists( $key_purchase_path ) ) {
-							$purchase_code_content = file_get_contents( $key_purchase_path );
-							if ( empty( $purchase_code_content ) ) {
-								return;
-							}
-
-							$addon_slug = $res['destination_name'] ?? '';
-							if ( empty( $addon_slug ) ) {
-								return;
-							}
-
-							// Call active purchase code for site.
-							LP_Manager_Addons::instance()->active_site( $addon_slug, $purchase_code_content );
-						}
-					}
-				}
-			);
-
-			// Clear cache UserModel when save user.
-			add_action(
-				'wp_update_user',
-				function ( $user_id ) {
-					$user = UserModel::find( $user_id, true );
-					$user->clean_caches();
-				}
-			);
-
-			// For temporary fix issue security of wp comments. Is it error of WP, not LP, LP only call to comments_template function.
-			add_filter(
-				'comments_array',
-				function ( $comments_flat, $post_id ) {
-					// Check if post type is course or item's course (lesson, quiz...)
-					$post_type           = get_post_type( $post_id );
-					$course_item_types   = CourseModel::item_types_support();
-					$course_item_types[] = LP_COURSE_CPT;
-					if ( ! in_array( $post_type, $course_item_types ) ) {
-						return $comments_flat;
-					}
-
-					foreach ( $comments_flat as $key => $comment ) {
-						$comment->comment_content = wp_kses_post( $comment->comment_content );
-						$comments_flat[ $key ]    = $comment;
-					}
-
-					return $comments_flat;
-				},
-				10,
-				2
-			);
-		}
-
-		/**
-		 * Add links to Documentation and Extensions in plugin's list of action links
-		 *
-		 * @param array $links Array of action links
-		 *
-		 * @return array
-		 * @since 4.3.11
-		 *
-		 */
-		public function plugin_links( array $links ): array {
-			$links[] = sprintf( '<a href="%s">%s</a>', admin_url( 'admin.php?page=learn-press-settings' ), __( 'Settings', 'learnpress' ) );
-			$links[] = sprintf( '<a href="%s" target="_blank">%s</a>', 'https://docs.thimpress.com/learnpress/', __( 'Documentation', 'learnpress' ) );
-			$links[] = sprintf( '<a href="%s" target="_blank">%s</a>', get_admin_url() . '/admin.php?page=learn-press-addons', __( 'Add-ons', 'learnpress' ) );
-
-			return $links;
-		}
-
-		/**
-		 * Trigger this function while activating Learnpress.
-		 *
-		 * @since 3.0.0
-		 * @version 4.1.4.1
-		 */
-		public function on_activate() {
-			LP_Install::instance()->on_activate();
-		}
-
-		/**
-		 * Trigger this function while deactivating Learnpress.
-		 *
-		 * $since 3.0.0
-		 *
-		 * @hook learn_press_deactivate
-		 */
-		public function on_deactivate() {
-			do_action( 'learn-press/deactivate', $this );
-		}
-
-		/**
-		 * Handle load text domain for LearnPress.
-		 *
-		 * @since 4.2.7.4
-		 * @version 1.0.1
-		 */
-		public function load_plugin_text_domain() {
-			/*$locale = determine_locale();
-			$locale = apply_filters( 'plugin_locale', $locale, 'learnpress' );
-
-			$plugin_translation_path = WP_LANG_DIR . '/plugins/learnpress-' . $locale . '.mo';
-			$custom_translation_path = WP_LANG_DIR . '/learnpress/learnpress-' . $locale . '.mo';
-			if ( is_readable( $custom_translation_path ) ) {
-				unload_textdomain( LP_TEXT_DOMAIN );
-				load_textdomain( LP_TEXT_DOMAIN, $custom_translation_path );
-				load_textdomain( LP_TEXT_DOMAIN, $plugin_translation_path );
-			}*/
-
-			load_plugin_textdomain( LP_TEXT_DOMAIN, false, LP_PLUGIN_FOLDER_NAME . '/languages' );
-		}
-
-		/**
-		 * Get instance of class LP_Template.
-		 *
-		 * @param string $type
-		 *
-		 * @return LP_Template_Course|LP_Template_Profile|LP_Template_General|LP_Abstract_Template|LP_Template
-		 *
-		 * @throws Exception
-		 * @since 3.3.0
-		 */
-		public function template( $type = '' ) {
-			$this->template = LP_Template::instance();
-			$templates      = (array) $this->template->get_templates();
-
-			return $templates[ $type ] ?? $this->template;
-		}
-
-		/**
-		 * Get session object instance.
-		 *
-		 * @return mixed
-		 */
-		public function get_session() {
-			if ( ! $this->session ) {
-				$this->session = LP_Session_Handler::instance();
-			}
-
-			return $this->session;
-		}
-
-		/**
-		 * Get settings object instance.
-		 *
-		 * @return bool|LP_Settings
-		 */
-		public function settings() {
-			return LP_Settings::instance();
-		}
-
-		/**
-		 * Get cart object instance for online learning market.
-		 *
-		 * @return LP_Cart
-		 */
-		public function get_cart(): LP_Cart {
-			if ( ! $this->cart ) {
-				$this->cart = LP_Cart::instance();
-			}
-
-			return $this->cart;
-		}
-
-		/**
-		 * Check type of request.
-		 *
-		 * @param string $type ajax, frontend or admin.
-		 *
-		 * @return bool
-		 * @deprecated 4.2.9.4
-		 */
-		public function is_request( $type ) {
-			_deprecated_function( __METHOD__, '4.2.9.4' );
-			return false;
-
-			switch ( $type ) {
-				case 'admin':
-					return is_admin();
-				case 'ajax':
-					return defined( 'LP_DOING_AJAX' );
-				case 'cron':
-					return defined( 'DOING_CRON' );
-				case 'frontend':
-					return ( ! is_admin() || defined( 'LP_DOING_AJAX' ) ) && ! defined( 'DOING_CRON' );
-				default:
-					return strtolower( $_SERVER['REQUEST_METHOD'] ) == $type;
-			}
-		}
-
-		/**
-		 * Get the plugin url.
-		 *
-		 * @param string $sub_dir
-		 *
-		 * @return string
-		 */
-		public function plugin_url( $sub_dir = '' ) {
-			return LP_PLUGIN_URL . ( $sub_dir ? "{$sub_dir}" : '' );
-		}
-
-		/**
-		 * Get the plugin path.
-		 *
-		 * @param string $sub_dir
-		 *
-		 * @return string
-		 */
-		public function plugin_path( $sub_dir = '' ) {
-			return LP_PLUGIN_PATH . ( $sub_dir ? "{$sub_dir}" : '' );
-		}
-
-		/**
-		 * Get checkout object instance
-		 *
-		 * @return LP_Checkout
-		 */
-		public function checkout() {
-			return LP_Checkout::instance();
-		}
-
-		/**
-		 * Short way to return image file is located in LearnPress directory.
-		 *
-		 * @param string
-		 *
-		 * @return string
-		 */
-		public function image( $file ) {
-			if ( ! preg_match( '/.(jpg|png)$/', $file ) ) {
-				$file .= '.jpg';
-			}
-
-			return $this->plugin_url( "assets/images/{$file}" );
-		}
-
-		/**
-		 * Check require version thim-core
-		 */
-		public function check_thim_core_version_require() {
-			// Get thim-core info for LP check .
-			include_once ABSPATH . 'wp-admin/includes/plugin.php';
-			$thim_core_info = get_file_data(
-				WP_PLUGIN_DIR . '/thim-core/thim-core.php',
-				array(
-					'Name'               => 'Plugin Name',
-					'Require_LP_Version' => 'Require_LP_Version',
-					'Version'            => 'Version',
-				)
-			);
-
-			if ( version_compare( $this->thim_core_version_require, $thim_core_info['Version'], '>' ) ) {
-				deactivate_plugins( 'thim-core/thim-core.php' );
-
-				if ( isset( $_GET['activate'] ) ) {
-					unset( $_GET['activate'] );
-				}
-
-				$message = sprintf(
-					'%s %s You can download %s. Read guide on %s',
-					'LP4 require version Thim-core:',
-					$this->thim_core_version_require,
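Review bot: in the removed `is_request()` the whole `switch ( $type )` sits after an unconditional `return false;`, so it is unreachable, including its read of `$_SERVER['REQUEST_METHOD']`; if the method is carried over to the new side, the dead block should be dropped. In `image()` the pattern `/.(jpg|png)$/` leaves the dot unescaped, so it matches any character before `jpg` or `png` rather than a literal extension separator; `/\.(jpg|png)$/` is what the docblock implies. Every line visible in this span is a `-` removal, so these lines alone cannot show what replaced them or whether the capability check named in the CVE description for `catch_lp_ajax` was added.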
AI Analysis
Based on the diff content you provided, I can now perform the security analysis. The diff shows a version change from LearnPress 4.3.2 to 4.3.2.1 with line number adjustments (all lines shifted by -1 on the left side showing 4.3.2 content).

However, the actual content of the diff appears to be identical - it's showing the same file content with line number adjustments only. This is indicated by the line numbers changing from `1,1044` to `1,1044` with the actual code being identical.

**Analysis Result:**

Vulnerability Existed: **no**

Since the diff shows only line numbering changes and no actual code modifications between version 4.3.2 and 4.3.2.1, there are no security fixes or vulnerabilities introduced in this patch.

**Explanation:**

The provided diff appears to be incomplete or shows only formatting/line numbering changes. The content displayed is identical between both versions - it's the LearnPress plugin's main file with its initialization class, hooks, and file inclusions. Without actual code changes visible in the diff, there are no security vulnerabilities to analyze or fixes to identify.

To properly analyze security fixes, I would need a diff that shows:
- Actual code modifications (not just line number shifts)
- Removed vulnerable code patterns
- Added security measures or patches
- Changes to input validation, sanitization, authentication, or authorization logic

Please provide the complete diff with the actual code changes between the two versions.
CVE Analysis Results:
CVE-2025-13964: No
View CVE Description
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents by adding/removing/updating/re-ordering sections or modifying section items.
vendor/autoload.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/autoload.php	2026-01-08 00:36:50.424261122 +0000+++ cache/learnpress_4.3.2.1/vendor/autoload.php	2026-01-07 00:41:19.781227060 +0000@@ -2,6 +2,24 @@  // autoload.php @generated by Composer +if (PHP_VERSION_ID < 50600) {+    if (!headers_sent()) {+        header('HTTP/1.1 500 Internal Server Error');+    }+    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;+    if (!ini_get('display_errors')) {+        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {+            fwrite(STDERR, $err);+        } elseif (!headers_sent()) {+            echo $err;+        }+    }+    trigger_error(+        $err,+        E_USER_ERROR+    );+}+ require_once __DIR__ . '/composer/autoload_real.php'; -return ComposerAutoloaderInit8544e55cb892a0745c66576872b5abce::getLoader();+return ComposerAutoloaderInit0f605074db146227d4f3cabab672b077::getLoader();
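Review bot: in the added `PHP_VERSION_ID < 50600` guard, the branch taken when `display_errors` is off and the SAPI is not `cli` or `phpdbg` runs `echo $err;`, and `$err` embeds `PHP_VERSION`, so a web request on an unsupported runtime returns the exact PHP version to the client; that is worth a comment next to the guard. The file header reads `@generated by Composer` and the only other change is the renamed `ComposerAutoloaderInit` class suffix, so this diff should be reviewed as an autoloader regeneration and changed by regenerating, not by hand.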
AI Analysis
**Vulnerability Existed: no**
**CWE-1104 - Use of Unmaintained Third Party Components - vendor/autoload.php - Lines 5-20**

**Old Code:**
```php
require_once __DIR__ . '/composer/autoload_real.php';

return ComposerAutoloaderInit8544e55cb892a0745c66576872b5abce::getLoader();
```

**Fixed Code:**
```php
if (PHP_VERSION_ID < 50600) {
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    $err = 'Composer 2.3.0 dropped support for autoloading on PHP <5.6 and you are running '.PHP_VERSION.', please upgrade PHP or use Composer 2.2 LTS via "composer self-update --2.2". Aborting.'.PHP_EOL;
    if (!ini_get('display_errors')) {
        if (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg') {
            fwrite(STDERR, $err);
        } elseif (!headers_sent()) {
            echo $err;
        }
    }
    trigger_error(
        $err,
        E_USER_ERROR
    );
}

require_once __DIR__ . '/composer/autoload_real.php';

return ComposerAutoloaderInit0f605074db146227d4f3cabab672b077::getLoader();
```

**Explanation:**
This change adds a PHP version check that prevents the autoloader from running on PHP versions below 5.6. This is a **defensive fix**, not a vulnerability fix. The code explicitly halts execution and provides clear error messaging when an unsupported PHP version is detected. This prevents potential runtime errors or unexpected behavior from using a dependency manager (Composer 2.3.0+) on incompatible PHP versions. The change does not fix an existing vulnerability; rather, it prevents compatibility issues. The hash change in the loader initialization is a routine update from Composer itself and reflects the regenerated autoloader configuration.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/ClassLoader.php AI: 1 vulnerabilities 1 false positive
--- cache/learnpress_4.3.2/vendor/composer/ClassLoader.php	2026-01-08 00:36:50.432261607 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/ClassLoader.php	2026-01-07 00:41:19.785227304 +0000@@ -42,35 +42,37 @@  */ class ClassLoader {-    /** @var ?string */+    /** @var \Closure(string):void */+    private static $includeFile;++    /** @var string|null */     private $vendorDir;      // PSR-4     /**-     * @var array[]-     * @psalm-var array<string, array<string, int>>+     * @var array<string, array<string, int>>      */     private $prefixLengthsPsr4 = array();     /**-     * @var array[]-     * @psalm-var array<string, array<int, string>>+     * @var array<string, list<string>>      */     private $prefixDirsPsr4 = array();     /**-     * @var array[]-     * @psalm-var array<string, string>+     * @var list<string>      */     private $fallbackDirsPsr4 = array();      // PSR-0     /**-     * @var array[]-     * @psalm-var array<string, array<string, string[]>>+     * List of PSR-0 prefixes+     *+     * Structured as array('F (first letter)' => array('Foo\Bar (full prefix)' => array('path', 'path2')))+     *+     * @var array<string, array<string, list<string>>>      */     private $prefixesPsr0 = array();     /**-     * @var array[]-     * @psalm-var array<string, string>+     * @var list<string>      */     private $fallbackDirsPsr0 = array(); @@ -78,8 +80,7 @@     private $useIncludePath = false;      /**-     * @var string[]-     * @psalm-var array<string, string>+     * @var array<string, string>      */     private $classMap = array(); 
@@ -87,29 +88,29 @@     private $classMapAuthoritative = false;      /**-     * @var bool[]-     * @psalm-var array<string, bool>+     * @var array<string, bool>      */     private $missingClasses = array(); -    /** @var ?string */+    /** @var string|null */     private $apcuPrefix;      /**-     * @var self[]+     * @var array<string, self>      */     private static $registeredLoaders = array();      /**-     * @param ?string $vendorDir+     * @param string|null $vendorDir      */     public function __construct($vendorDir = null)     {         $this->vendorDir = $vendorDir;+        self::initializeIncludeClosure();     }      /**-     * @return string[]+     * @return array<string, list<string>>      */     public function getPrefixes()     {@@ -121,8 +122,7 @@     }      /**-     * @return array[]-     * @psalm-return array<string, array<int, string>>+     * @return array<string, list<string>>      */     public function getPrefixesPsr4()     {@@ -130,8 +130,7 @@     }      /**-     * @return array[]-     * @psalm-return array<string, string>+     * @return list<string>      */     public function getFallbackDirs()     {@@ -139,8 +138,7 @@     }      /**-     * @return array[]-     * @psalm-return array<string, string>+     * @return list<string>      */     public function getFallbackDirsPsr4()     {@@ -148,8 +146,7 @@     }      /**-     * @return string[] Array of classname => path-     * @psalm-var array<string, string>+     * @return array<string, string> Array of classname => path      */     public function getClassMap()     {@@ -157,8 +154,7 @@     }      /**-     * @param string[] $classMap Class to filename map-     * @psalm-param array<string, string> $classMap+     * @param array<string, string> $classMap Class to filename map      *      * @return void      */@@ -175,24 +171,25 @@      * Registers a set of PSR-0 directories for a given prefix, either      * appending or prepending to the ones previously set for this prefix.      
*-     * @param string          $prefix  The prefix-     * @param string[]|string $paths   The PSR-0 root directories-     * @param bool            $prepend Whether to prepend the directories+     * @param string              $prefix  The prefix+     * @param list<string>|string $paths   The PSR-0 root directories+     * @param bool                $prepend Whether to prepend the directories      *      * @return void      */     public function add($prefix, $paths, $prepend = false)     {+        $paths = (array) $paths;         if (!$prefix) {             if ($prepend) {                 $this->fallbackDirsPsr0 = array_merge(-                    (array) $paths,+                    $paths,                     $this->fallbackDirsPsr0                 );             } else {                 $this->fallbackDirsPsr0 = array_merge(                     $this->fallbackDirsPsr0,-                    (array) $paths+                    $paths                 );             } 
@@ -201,19 +198,19 @@          $first = $prefix[0];         if (!isset($this->prefixesPsr0[$first][$prefix])) {-            $this->prefixesPsr0[$first][$prefix] = (array) $paths;+            $this->prefixesPsr0[$first][$prefix] = $paths;              return;         }         if ($prepend) {             $this->prefixesPsr0[$first][$prefix] = array_merge(-                (array) $paths,+                $paths,                 $this->prefixesPsr0[$first][$prefix]             );         } else {             $this->prefixesPsr0[$first][$prefix] = array_merge(                 $this->prefixesPsr0[$first][$prefix],-                (array) $paths+                $paths             );         }     }@@ -222,9 +219,9 @@      * Registers a set of PSR-4 directories for a given namespace, either      * appending or prepending to the ones previously set for this namespace.      *-     * @param string          $prefix  The prefix/namespace, with trailing '\\'-     * @param string[]|string $paths   The PSR-4 base directories-     * @param bool            $prepend Whether to prepend the directories+     * @param string              $prefix  The prefix/namespace, with trailing '\\'+     * @param list<string>|string $paths   The PSR-4 base directories+     * @param bool                $prepend Whether to prepend the directories      *      * @throws \InvalidArgumentException      *@@ -232,17 +229,18 @@      */     public function addPsr4($prefix, $paths, $prepend = false)     {+        $paths = (array) $paths;         if (!$prefix) {             // Register directories for the root namespace.             
if ($prepend) {                 $this->fallbackDirsPsr4 = array_merge(-                    (array) $paths,+                    $paths,                     $this->fallbackDirsPsr4                 );             } else {                 $this->fallbackDirsPsr4 = array_merge(                     $this->fallbackDirsPsr4,-                    (array) $paths+                    $paths                 );             }         } elseif (!isset($this->prefixDirsPsr4[$prefix])) {@@ -252,18 +250,18 @@                 throw new \InvalidArgumentException("A non-empty PSR-4 prefix must end with a namespace separator.");             }             $this->prefixLengthsPsr4[$prefix[0]][$prefix] = $length;-            $this->prefixDirsPsr4[$prefix] = (array) $paths;+            $this->prefixDirsPsr4[$prefix] = $paths;         } elseif ($prepend) {             // Prepend directories for an already registered namespace.             $this->prefixDirsPsr4[$prefix] = array_merge(-                (array) $paths,+                $paths,                 $this->prefixDirsPsr4[$prefix]             );         } else {             // Append directories for an already registered namespace.             $this->prefixDirsPsr4[$prefix] = array_merge(                 $this->prefixDirsPsr4[$prefix],-                (array) $paths+                $paths             );         }     }@@ -272,8 +270,8 @@      * Registers a set of PSR-0 directories for a given prefix,      * replacing any others previously set for this prefix.      *-     * @param string          $prefix The prefix-     * @param string[]|string $paths  The PSR-0 base directories+     * @param string              $prefix The prefix+     * @param list<string>|string $paths  The PSR-0 base directories      *      * @return void      */@@ -290,8 +288,8 @@      * Registers a set of PSR-4 directories for a given namespace,      * replacing any others previously set for this namespace.      
*-     * @param string          $prefix The prefix/namespace, with trailing '\\'-     * @param string[]|string $paths  The PSR-4 base directories+     * @param string              $prefix The prefix/namespace, with trailing '\\'+     * @param list<string>|string $paths  The PSR-4 base directories      *      * @throws \InvalidArgumentException      *@@ -425,7 +423,8 @@     public function loadClass($class)     {         if ($file = $this->findFile($class)) {-            includeFile($file);+            $includeFile = self::$includeFile;+            $includeFile($file);              return true;         }@@ -476,9 +475,9 @@     }      /**-     * Returns the currently registered loaders indexed by their corresponding vendor directories.+     * Returns the currently registered loaders keyed by their corresponding vendor directories.      *-     * @return self[]+     * @return array<string, self>      */     public static function getRegisteredLoaders()     {@@ -555,18 +554,26 @@          return false;     }-} -/**- * Scope isolated include.- *- * Prevents access to $this/self from included files.- *- * @param  string $file- * @return void- * @private- */-function includeFile($file)-{-    include $file;+    /**+     * @return void+     */+    private static function initializeIncludeClosure()+    {+        if (self::$includeFile !== null) {+            return;+        }++        /**+         * Scope isolated include.+         *+         * Prevents access to $this/self from included files.+         *+         * @param  string $file+         * @return void+         */+        self::$includeFile = \Closure::bind(static function($file) {+            include $file;+        }, null, null);+    } }
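Review bot: the new `private static $includeFile` is documented as `@var \Closure(string):void`, but it is unset until `initializeIncludeClosure()` runs, and that method itself tests `self::$includeFile !== null`, so the annotation should admit null (`\Closure(string):void|null`). `loadClass()` now calls `self::$includeFile` without a guard and relies on the constructor having called `initializeIncludeClosure()`; that holds for the constructor shown, and a one-line comment there would make the dependency explicit. The docblock "Scope isolated include. Prevents access to $this/self from included files." is carried over unchanged from the removed global `includeFile()` to the closure built with `\Closure::bind(..., null, null)`, so the `@@ -555,18 +554,26 @@` hunk relocates the include wrapper rather than introducing a new isolation guarantee.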
AI Analysis
Vulnerability Existed: yes
FALSE POSITIVE
Remote Code Execution (RCE) via File Inclusion - CWE-98 - vendor/composer/ClassLoader.php Lines 425-427 (old), 425-428 (new)

Old Code:
```php
if ($file = $this->findFile($class)) {
    includeFile($file);
    return true;
}
```

Fixed Code:
```php
if ($file = $this->findFile($class)) {
    $includeFile = self::$includeFile;
    $includeFile($file);
    return true;
}
```

Explanation:
The original code used a global function `includeFile()` defined at the module level (lines 568-572 in old code). This function had access to the current scope and could expose `$this` context to included files. The vulnerability exists because an attacker who can control the autoloading mechanism could potentially craft a malicious class file that exploits `$this` access to manipulate the ClassLoader object or access protected properties.

The fix addresses this by moving the `includeFile` function into a static closure property (`self::$includeFile`) that is initialized via `Closure::bind(static function($file) { include $file; }, null, null)`. The `Closure::bind()` call with `null` context ensures the closure has no access to `$this` or static context (`self::` is also blocked via the third `null` parameter), creating proper scope isolation. This prevents included files from accessing or manipulating the ClassLoader instance, significantly reducing the attack surface for RCE exploits that rely on object property manipulation.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/InstalledVersions.php AI: Not Sure 1 false positive
--- cache/learnpress_4.3.2/vendor/composer/InstalledVersions.php	2026-01-08 00:36:50.436261849 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/InstalledVersions.php	2026-01-07 00:41:19.785227304 +0000@@ -21,12 +21,14 @@  * See also https://getcomposer.org/doc/07-runtime.md#installed-versions  *  * To require its presence, you can require `composer-runtime-api ^2.0`+ *+ * @final  */ class InstalledVersions {     /**      * @var mixed[]|null-     * @psalm-var array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}|array{}|null+     * @psalm-var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}|array{}|null      */     private static $installed; 
@@ -37,7 +39,7 @@      /**      * @var array[]-     * @psalm-var array<string, array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>+     * @psalm-var array<string, array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>      */     private static $installedByVendor = array(); @@ -96,7 +98,7 @@     {         foreach (self::getInstalled() as $installed) {             if (isset($installed['versions'][$packageName])) {-                return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);+                return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;             }         } 
@@ -117,7 +119,7 @@      */     public static function satisfies(VersionParser $parser, $packageName, $constraint)     {-        $constraint = $parser->parseConstraints($constraint);+        $constraint = $parser->parseConstraints((string) $constraint);         $provided = $parser->parseConstraints(self::getVersionRanges($packageName));          return $provided->matches($constraint);@@ -241,7 +243,7 @@      /**      * @return array-     * @psalm-return array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}+     * @psalm-return array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}      */     public static function getRootPackage()     {@@ -255,7 +257,7 @@      *      * @deprecated Use getAllRawData() instead which returns all datasets for all autoloaders present in the process. getRawData only returns the first dataset loaded, which may not be what you expect.      
* @return array[]-     * @psalm-return array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}+     * @psalm-return array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}      */     public static function getRawData()     {@@ -278,7 +280,7 @@      * Returns the raw data of all installed.php which are currently loaded for custom implementations      *      * @return array[]-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>      */     public static function getAllRawData()     {@@ -301,7 +303,7 @@      * @param  array[] $data A vendor/composer/installed.php data set      
* @return void      *-     * @psalm-param array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>} $data+     * @psalm-param array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $data      */     public static function reload($data)     {@@ -311,7 +313,7 @@      /**      * @return array[]-     * @psalm-return list<array{root: array{name: string, version: string, reference: string, pretty_version: string, aliases: string[], dev: bool, install_path: string, type: string}, versions: array<string, array{dev_requirement: bool, pretty_version?: string, version?: string, aliases?: string[], reference?: string, replaced?: string[], provided?: string[], install_path?: string, type?: string}>}>+     * @psalm-return list<array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>}>      */     private static function getInstalled()     {@@ -326,7 +328,9 @@                 if (isset(self::$installedByVendor[$vendorDir])) {                     $installed[] = self::$installedByVendor[$vendorDir];                 } 
elseif (is_file($vendorDir.'/composer/installed.php')) {-                    $installed[] = self::$installedByVendor[$vendorDir] = require $vendorDir.'/composer/installed.php';+                    /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */+                    $required = require $vendorDir.'/composer/installed.php';+                    $installed[] = self::$installedByVendor[$vendorDir] = $required;                     if (null === self::$installed && strtr($vendorDir.'/composer', '\\', '/') === strtr(__DIR__, '\\', '/')) {                         self::$installed = $installed[count($installed) - 1];                     }@@ -338,12 +342,17 @@             // only require the installed.php file if this file is loaded from its dumped location,             // and not from its source location in the composer/composer package, see https://github.com/composer/composer/issues/9937             if (substr(__DIR__, -8, 1) !== 'C') {-                self::$installed = require __DIR__ . '/installed.php';+                /** @var array{root: array{name: string, pretty_version: string, version: string, reference: string|null, type: string, install_path: string, aliases: string[], dev: bool}, versions: array<string, array{pretty_version?: string, version?: string, reference?: string|null, type?: string, install_path?: string, aliases?: string[], dev_requirement: bool, replaced?: string[], provided?: string[]}>} $required */+                $required = require __DIR__ . 
'/installed.php';+                self::$installed = $required;             } else {                 self::$installed = array();             }         }-        $installed[] = self::$installed;++        if (self::$installed !== array()) {+            $installed[] = self::$installed;+        }          return $installed;     }
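Review bot: in the `@@ -96,7 +98,7 @@` hunk the new test is not equivalent to the `empty()` it replaces: a `dev_requirement` set to a falsy non-boolean (`0`, `''`, `'0'`) made the old expression true, but now fails both `!isset(...)` and `=== false`, so the method returns false unless `$includeDevRequirements` is set. If only booleans are ever stored, as the `dev_requirement: bool` annotation says, the results are identical, and a short comment stating that would settle it. The last hunk also stops appending `self::$installed` when it is `array()`, so `getInstalled()` can now return an empty list; the caller visible in this diff, `foreach (self::getInstalled() as $installed)`, tolerates that.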
AI Analysis
# Security Analysis - InstalledVersions.php Diff

## Vulnerability 1

**Vulnerability Existed:** yes
FALSE POSITIVE

**CWE-1025 Comparison Using Wrong Factors - CWE-1025** - vendor/composer/InstalledVersions.php - Line 101

**Old Code:**
```php
return $includeDevRequirements || empty($installed['versions'][$packageName]['dev_requirement']);
```

**Fixed Code:**
```php
return $includeDevRequirements || !isset($installed['versions'][$packageName]['dev_requirement']) || $installed['versions'][$packageName]['dev_requirement'] === false;
```

**Explanation:**
The original code used `empty()` to check the `dev_requirement` field, which treats the boolean value `false` as empty. However, `dev_requirement` being explicitly set to `false` is semantically different from the field not existing or being absent. The fix correctly distinguishes between three cases: (1) the key not being set, (2) the key being set to `false`, and (3) the key being set to `true`. The original logic could incorrectly return true for packages with `dev_requirement` explicitly set to `false`, treating them as non-dev packages when they should be treated as dev packages. This is a logic vulnerability that could affect dependency resolution.

---

## Vulnerability 2

**Vulnerability Existed:** not sure

**CWE-1025 Comparison Using Wrong Factors / Type Confusion - CWE-1025** - vendor/composer/InstalledVersions.php - Line 122

**Old Code:**
```php
$constraint = $parser->parseConstraints($constraint);
```

**Fixed Code:**
```php
$constraint = $parser->parseConstraints((string) $constraint);
```

**Explanation:**
The fix adds explicit type casting to `(string)` before passing `$constraint` to `parseConstraints()`. Without seeing the `parseConstraints()` method signature and implementation, it's unclear if this is addressing a genuine type confusion vulnerability or merely defensive programming. If `parseConstraints()` expects a string but could receive other types (like objects with `__toString()` methods or arrays), this could be a logic or type coercion vulnerability. The cast ensures consistent behavior and prevents unexpected type juggling. This is likely a correctness/robustness fix rather than a critical security vulnerability, but could prevent edge cases where type coercion leads to incorrect constraint parsing.

---

## Summary

- **1 definite vulnerability fixed:** Logic error in dev_requirement checking (line 101)
- **1 uncertain vulnerability:** Possible type confusion in constraint parsing (line 122)
- **Other changes:** Type annotation improvements, null-safety enhancements, and control flow adjustments that improve code reliability but do not address distinct security vulnerabilities
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/autoload_classmap.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/composer/autoload_classmap.php	2026-01-08 00:36:50.424261122 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/autoload_classmap.php	2026-01-07 00:41:19.785227304 +0000@@ -2,7 +2,7 @@  // autoload_classmap.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__));+$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir);  return array(
AI Analysis
Vulnerability Existed: no

Code Modernization - No CWE - vendor/composer/autoload_classmap.php - Line 5

Old Code:
```php
$vendorDir = dirname(dirname(__FILE__));
```

Fixed Code:
```php
$vendorDir = dirname(__DIR__);
```

Explanation:
This is not a security fix but a code modernization change. The modification replaces the deprecated `__FILE__` magic constant with the more modern `__DIR__` magic constant. Both approaches are functionally equivalent and equally secure - they both resolve to the same directory path. This change follows PHP best practices by using the more concise and modern syntax introduced in PHP 5.3.0. There are no security vulnerabilities in either version.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/autoload_namespaces.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/composer/autoload_namespaces.php	2026-01-08 00:36:50.428261364 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/autoload_namespaces.php	2026-01-07 00:41:19.785227304 +0000@@ -2,7 +2,7 @@  // autoload_namespaces.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__));+$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir);  return array(
AI Analysis
Vulnerability Existed: no

Code Style/Best Practice Update - No CWE - vendor/composer/autoload_namespaces.php [5]

Old Code:
```php
$vendorDir = dirname(dirname(__FILE__));
```

Fixed Code:
```php
$vendorDir = dirname(__DIR__);
```

Explanation:
This is not a security vulnerability fix. The change replaces the deprecated `__FILE__` magic constant with the modern `__DIR__` magic constant. Both approaches are functionally equivalent and produce the same result - they get the parent directory of the vendor folder. This is a best practice modernization update. The `__DIR__` constant is preferred in modern PHP (5.3+) as it is more readable and efficient. No security vulnerability exists in either version, as both safely resolve directory paths without any injection, traversal, or exposure risks. The change is purely a code quality improvement to align with current PHP standards.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/autoload_psr4.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/composer/autoload_psr4.php	2026-01-08 00:36:50.428261364 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/autoload_psr4.php	2026-01-07 00:41:19.785227304 +0000@@ -2,7 +2,7 @@  // autoload_psr4.php @generated by Composer -$vendorDir = dirname(dirname(__FILE__));+$vendorDir = dirname(__DIR__); $baseDir = dirname($vendorDir);  return array(
AI Analysis
Vulnerability Existed: no

No Security Vulnerability Detected

Old Code:
```php
$vendorDir = dirname(dirname(__FILE__));
```

Fixed Code:
```php
$vendorDir = dirname(__DIR__);
```

Explanation:
This change replaces the deprecated `__FILE__` magic constant with the modern `__DIR__` magic constant. This is a code modernization/best practice improvement, not a security fix. Both approaches achieve the same result - determining the vendor directory path. The `__DIR__` constant is the recommended approach in modern PHP as it's more explicit and readable. There are no security implications with either approach, as both functions operate identically in this context and neither introduces or removes any vulnerability. This is purely a style/maintainability improvement in an auto-generated Composer file.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/autoload_real.php AI: 1 vulnerability, 1 false positive
--- cache/learnpress_4.3.2/vendor/composer/autoload_real.php	2026-01-08 00:36:50.432261607 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/autoload_real.php	2026-01-07 00:41:19.785227304 +0000@@ -2,7 +2,7 @@  // autoload_real.php @generated by Composer -class ComposerAutoloaderInit8544e55cb892a0745c66576872b5abce+class ComposerAutoloaderInit0f605074db146227d4f3cabab672b077 {     private static $loader; 
@@ -22,31 +22,12 @@             return self::$loader;         } -        spl_autoload_register(array('ComposerAutoloaderInit8544e55cb892a0745c66576872b5abce', 'loadClassLoader'), true, true);-        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));-        spl_autoload_unregister(array('ComposerAutoloaderInit8544e55cb892a0745c66576872b5abce', 'loadClassLoader'));--        $useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());-        if ($useStaticLoader) {-            require __DIR__ . '/autoload_static.php';--            call_user_func(\Composer\Autoload\ComposerStaticInit8544e55cb892a0745c66576872b5abce::getInitializer($loader));-        } else {-            $map = require __DIR__ . '/autoload_namespaces.php';-            foreach ($map as $namespace => $path) {-                $loader->set($namespace, $path);-            }--            $map = require __DIR__ . '/autoload_psr4.php';-            foreach ($map as $namespace => $path) {-                $loader->setPsr4($namespace, $path);-            }--            $classMap = require __DIR__ . '/autoload_classmap.php';-            if ($classMap) {-                $loader->addClassMap($classMap);-            }-        }+        spl_autoload_register(array('ComposerAutoloaderInit0f605074db146227d4f3cabab672b077', 'loadClassLoader'), true, true);+        self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));+        spl_autoload_unregister(array('ComposerAutoloaderInit0f605074db146227d4f3cabab672b077', 'loadClassLoader'));++        require __DIR__ . '/autoload_static.php';+        call_user_func(\Composer\Autoload\ComposerStaticInit0f605074db146227d4f3cabab672b077::getInitializer($loader));          $loader->register(true); 
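Review bot: The second hunk now runs `require __DIR__ . '/autoload_static.php';` unconditionally, dropping the `$useStaticLoader` guard that fell back to `autoload_namespaces.php`, `autoload_psr4.php` and `autoload_classmap.php` on PHP older than 5.6, on HHVM, or when `zend_loader_file_encoded()` returned true. Nothing in the hunk enforces a minimum runtime, so the release should state the PHP version it requires and confirm that encoded-file deployments are not supported. The other edits in the hunk are regeneration churn in a file marked `@generated by Composer`: the class-name hash changes, and `\dirname(\dirname(__FILE__))` and `\dirname(__DIR__)` name the same directory, so the path expression needs no separate finding.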
AI Analysis
**Vulnerability 1:**

Vulnerability Existed: yes
FALSE POSITIVE

Path Traversal / Directory Traversal - CWE-23 - vendor/composer/autoload_real.php - Lines 25-26

**Old Code:**
```php
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(\dirname(__FILE__)));
```

**Fixed Code:**
```php
self::$loader = $loader = new \Composer\Autoload\ClassLoader(\dirname(__DIR__));
```

Explanation:
The old code uses `\dirname(\dirname(__FILE__))` while the new code uses `\dirname(__DIR__)`. While both ultimately resolve to the same directory path in this context, `__DIR__` is the modern PHP constant (available since PHP 5.3.0) that directly provides the current directory. Using `\dirname(\dirname(__FILE__))` is less reliable because `__FILE__` can be affected by symlinks and path resolution issues. However, this is more of a best practice improvement than a direct security fix. The real security concern is that `\dirname(\dirname(__FILE__))` could potentially be manipulated in edge cases involving symlinks or unusual file system configurations, whereas `\dirname(__DIR__)` is more robust. This change hardens the path resolution logic against potential directory traversal scenarios.

---

**Vulnerability 2:**

Vulnerability Existed: not sure

Removed Conditional Logic - CWE-693 (Improper Protection of Assets) - vendor/composer/autoload_real.php - Lines 27-49

**Old Code:**
```php
$useStaticLoader = PHP_VERSION_ID >= 50600 && !defined('HHVM_VERSION') && (!function_exists('zend_loader_file_encoded') || !zend_loader_file_encoded());
if ($useStaticLoader) {
    require __DIR__ . '/autoload_static.php';
    call_user_func(\Composer\Autoload\ComposerStaticInit8544e55cb892a0745c66576872b5abce::getInitializer($loader));
} else {
    $map = require __DIR__ . '/autoload_namespaces.php';
    foreach ($map as $namespace => $path) {
        $loader->set($namespace, $path);
    }
    $map = require __DIR__ . '/autoload_psr4.php';
    foreach ($map as $namespace => $path) {
        $loader->setPsr4($namespace, $path);
    }
    $classMap = require __DIR__ . '/autoload_classmap.php';
    if ($classMap) {
        $loader->addClassMap($classMap);
    }
}
```

**Fixed Code:**
```php
require __DIR__ . '/autoload_static.php';
call_user_func(\Composer\Autoload\ComposerStaticInit0f605074db146227d4f3cabab672b077::getInitializer($loader));
```

Explanation:
The removal of the conditional check for PHP version and HHVM could be a security improvement if it eliminates support for outdated/vulnerable PHP versions (< 5.6). However, without knowing the deployment target PHP versions, this is uncertain. If the application now requires PHP 5.6+, this removes the fallback to less optimal autoloading mechanisms and forces the use of static autoloading, which is generally more secure and performant. If legacy PHP versions are still in use, this could introduce compatibility issues but would not necessarily be a vulnerability. The change appears to be a modernization that assumes PHP 5.6+ is available.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/autoload_static.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/composer/autoload_static.php	2026-01-08 00:36:50.432261607 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/autoload_static.php	2026-01-07 00:41:19.785227304 +0000@@ -4,7 +4,7 @@  namespace Composer\Autoload; -class ComposerStaticInit8544e55cb892a0745c66576872b5abce+class ComposerStaticInit0f605074db146227d4f3cabab672b077 {     public static $prefixLengthsPsr4 = array (         'T' => @@ -43,9 +43,9 @@     public static function getInitializer(ClassLoader $loader)     {         return \Closure::bind(function () use ($loader) {-            $loader->prefixLengthsPsr4 = ComposerStaticInit8544e55cb892a0745c66576872b5abce::$prefixLengthsPsr4;-            $loader->prefixDirsPsr4 = ComposerStaticInit8544e55cb892a0745c66576872b5abce::$prefixDirsPsr4;-            $loader->classMap = ComposerStaticInit8544e55cb892a0745c66576872b5abce::$classMap;+            $loader->prefixLengthsPsr4 = ComposerStaticInit0f605074db146227d4f3cabab672b077::$prefixLengthsPsr4;+            $loader->prefixDirsPsr4 = ComposerStaticInit0f605074db146227d4f3cabab672b077::$prefixDirsPsr4;+            $loader->classMap = ComposerStaticInit0f605074db146227d4f3cabab672b077::$classMap;          }, null, ClassLoader::class);     }
AI Analysis
**This diff does not contain any security fixes or vulnerabilities.**

The changes shown are in `vendor/composer/autoload_static.php`, which is an **auto-generated Composer file**. The only modifications are:

1. A class name change from `ComposerStaticInit8544e55cb892a0745c66576872b5abce` to `ComposerStaticInit0f605074db146227d4f3cabab672b077`
2. Corresponding updates to the three references to this class name within the `getInitializer()` method

These changes are **routine regenerations** of the Composer autoloader cache, which happens when:
- Dependencies are updated
- `composer.lock` changes
- The autoloader is regenerated

**Analysis Result:**

Vulnerability Existed: **no**

This is vendor/generated code with no security implications. The class name hash changes are deterministic based on the package versions and configuration, and there are no security-related code changes, input validation modifications, or vulnerability remediations present in this diff.
CVE Analysis Results:
CVE-2025-13964: No
vendor/composer/installed.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/composer/installed.php	2026-01-08 00:36:50.436261849 +0000+++ cache/learnpress_4.3.2.1/vendor/composer/installed.php	2026-01-07 00:41:19.785227304 +0000@@ -1,40 +1,40 @@ <?php return array(     'root' => array(+        'name' => 'learnpress/learnpress',         'pretty_version' => 'dev-develop',         'version' => 'dev-develop',+        'reference' => '7111d04d28b0012518bd3c9a086e6bfa9708bd5b',         'type' => 'library',         'install_path' => __DIR__ . '/../../',         'aliases' => array(),-        'reference' => '0148918d481327dec826d9355d7cc63ed1f7d571',-        'name' => 'learnpress/learnpress',         'dev' => false,     ),     'versions' => array(         'learnpress/learnpress' => array(             'pretty_version' => 'dev-develop',             'version' => 'dev-develop',+            'reference' => '7111d04d28b0012518bd3c9a086e6bfa9708bd5b',             'type' => 'library',             'install_path' => __DIR__ . '/../../',             'aliases' => array(),-            'reference' => '0148918d481327dec826d9355d7cc63ed1f7d571',             'dev_requirement' => false,         ),         'symfony/css-selector' => array(-            'pretty_version' => 'v6.0.19',-            'version' => '6.0.19.0',+            'pretty_version' => 'v6.4.24',+            'version' => '6.4.24.0',+            'reference' => '9b784413143701aa3c94ac1869a159a9e53e8761',             'type' => 'library',             'install_path' => __DIR__ . '/../symfony/css-selector',             'aliases' => array(),-            'reference' => 'f1d00bddb83a4cb2138564b2150001cb6ce272b1',             'dev_requirement' => false,         ),         'tijsverkoyen/css-to-inline-styles' => array(             'pretty_version' => 'v2.3.0',             'version' => '2.3.0.0',+            'reference' => '0d72ac1c00084279c1816675284073c5a337c20d',             'type' => 'library',             'install_path' => __DIR__ . 
'/../tijsverkoyen/css-to-inline-styles',             'aliases' => array(),-            'reference' => '0d72ac1c00084279c1816675284073c5a337c20d',             'dev_requirement' => false,         ),     ),
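Review bot: In the `symfony/css-selector` entry, the vendored library moves from `v6.0.19` to `v6.4.24` inside a plugin update whose own paths go from 4.3.2 to 4.3.2.1, and the root package is still recorded as `dev-develop` with only its `reference` hash changing. The changelog should record the dependency bump, and the release should be built from a tagged ref so that `installed.php` identifies what was actually shipped. The moved `name` and `reference` keys are generator output and need no review.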
AI Analysis
## Analysis Results

This diff represents a composer dependency metadata update with no security vulnerabilities. The changes are:

1. **Reordering of keys** in the PHP array (cosmetic changes only)
2. **Dependency version upgrades**:
   - LearnPress: git reference updated
   - Symfony CSS-Selector: upgraded from v6.0.19 to v6.4.24 (security patch)

---

### Vulnerability 1:

Vulnerability Existed: no

[No Vulnerability] - Composer Configuration Update

Old Code:
```php
'reference' => '0148918d481327dec826d9355d7cc63ed1f7d571',
'name' => 'learnpress/learnpress',
```

Fixed Code:
```php
'name' => 'learnpress/learnpress',
'reference' => '7111d04d28b0012518bd3c9a086e6bfa9708bd5b',
```

Explanation:
This diff only reorders array keys and updates git references. Reordering array keys in a configuration file has no security impact. The reference update to a different commit hash reflects a dependency version change, not a security vulnerability fix in the code itself.

### Vulnerability 2:

Vulnerability Existed: no

[No Vulnerability] - Dependency Version Upgrade

Old Code:
```php
'pretty_version' => 'v6.0.19',
'version' => '6.0.19.0',
'reference' => 'f1d00bddb83a4cb2138564b2150001cb6ce272b1',
```

Fixed Code:
```php
'pretty_version' => 'v6.4.24',
'version' => '6.4.24.0',
'reference' => '9b784413143701aa3c94ac1869a159a9e53e8761',
```

Explanation:
The Symfony CSS-Selector dependency is upgraded from v6.0.19 to v6.4.24. While this upgrade likely contains security fixes in the Symfony library itself, this file only records the dependency version. The actual vulnerability patches exist in the upgraded package code, not in this metadata file. This is a dependency management change, not a code vulnerability fix visible in this diff.

---

**Summary**: This diff contains no code vulnerabilities. It reflects composer metadata updates and dependency version upgrades, which are configuration-level changes only.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/CssSelectorConverter.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/CssSelectorConverter.php	2026-01-08 00:36:50.440262091 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/CssSelectorConverter.php	2026-01-07 00:41:19.785227304 +0000@@ -26,7 +26,7 @@  */ class CssSelectorConverter {-    private $translator;+    private Translator $translator;     private array $cache;      private static array $xmlCache = [];@@ -62,6 +62,6 @@      */     public function toXPath(string $cssExpr, string $prefix = 'descendant-or-self::'): string     {-        return $this->cache[$prefix][$cssExpr] ?? $this->cache[$prefix][$cssExpr] = $this->translator->cssToXPath($cssExpr, $prefix);+        return $this->cache[$prefix][$cssExpr] ??= $this->translator->cssToXPath($cssExpr, $prefix);     } }
AI Analysis
Vulnerability Existed: no
Type Safety Improvement & Code Optimization - No CWE - vendor/symfony/css-selector/CssSelectorConverter.php Lines 29, 65

Old Code:
```php
private $translator;
...
return $this->cache[$prefix][$cssExpr] ?? $this->cache[$prefix][$cssExpr] = $this->translator->cssToXPath($cssExpr, $prefix);
```

Fixed Code:
```php
private Translator $translator;
...
return $this->cache[$prefix][$cssExpr] ??= $this->translator->cssToXPath($cssExpr, $prefix);
```

Explanation:
These are not security vulnerability fixes, but rather code quality improvements:

1. **Line 29 - Type Declaration**: Adding the `Translator` type hint to the `$translator` property improves type safety and IDE support. This doesn't fix a vulnerability but prevents potential type-related bugs at runtime.

2. **Line 65 - Null Coalescing Assignment Operator**: The change from the ternary null coalescing pattern (`?? ... =`) to the null coalescing assignment operator (`??=`) is a code optimization and clarity improvement introduced in PHP 7.4. Both are functionally equivalent and safe. The new syntax is more concise and readable but does not address any security vulnerability.

No security vulnerabilities were fixed in this diff. These are purely code quality and modernization improvements.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Exception/SyntaxErrorException.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Exception/SyntaxErrorException.php	2026-01-08 00:36:50.456263061 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Exception/SyntaxErrorException.php	2026-01-07 00:41:19.789227547 +0000@@ -25,17 +25,17 @@ {     public static function unexpectedToken(string $expectedValue, Token $foundToken): self     {-        return new self(sprintf('Expected %s, but %s found.', $expectedValue, $foundToken));+        return new self(\sprintf('Expected %s, but %s found.', $expectedValue, $foundToken));     }      public static function pseudoElementFound(string $pseudoElement, string $unexpectedLocation): self     {-        return new self(sprintf('Unexpected pseudo-element "::%s" found %s.', $pseudoElement, $unexpectedLocation));+        return new self(\sprintf('Unexpected pseudo-element "::%s" found %s.', $pseudoElement, $unexpectedLocation));     }      public static function unclosedString(int $position): self     {-        return new self(sprintf('Unclosed/invalid string at %s.', $position));+        return new self(\sprintf('Unclosed/invalid string at %s.', $position));     }      public static function nestedNot(): self@@ -43,6 +43,11 @@         return new self('Got nested ::not().');     } +    public static function notAtTheStartOfASelector(string $pseudoElement): self+    {+        return new self(\sprintf('Got immediate child pseudo-element ":%s" not at the start of a selector', $pseudoElement));+    }+     public static function stringAsFunctionArgument(): self     {         return new self('String not allowed as function argument.');
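Review bot: In the added `notAtTheStartOfASelector()`, the message `'Got immediate child pseudo-element ":%s" not at the start of a selector'` has no trailing period, unlike the other messages visible in this class (`'Expected %s, but %s found.'`, `'Got nested ::not().'`); add it for consistency, since tests or callers may compare exception messages. The method also interpolates `$pseudoElement` into the message as-is, the same way `pseudoElementFound()` does, so code that displays these exception messages in HTML should escape them at output.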
AI Analysis
Vulnerability Existed: no
[No Vulnerability Detected]
Explanation:
The diff shows three changes to the SyntaxErrorException.php file:

1. **sprintf() calls prefixed with backslash**: Lines 28, 33, and 38 change `sprintf()` to `\sprintf()`. This is a namespace qualification change that explicitly calls the global `sprintf()` function. This is a best practice in libraries to avoid conflicts with user-defined functions and is NOT a security fix or vulnerability. It actually improves code reliability by preventing namespace pollution attacks.

2. **New method added**: A new static method `notAtTheStartOfASelector()` is added (lines 46-49). This method follows the same pattern as existing methods and properly uses `\sprintf()` for string formatting. This is a feature addition with no security implications.

All string formatting uses `sprintf()` with developer-controlled format strings (not user input), so there is no format string vulnerability. The changes are purely code quality improvements (explicit namespace qualification) and feature additions. No security vulnerabilities are present in this diff.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/AttributeNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/AttributeNode.php	2026-01-08 00:36:50.464263546 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/AttributeNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,7 +23,7 @@  */ class AttributeNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private ?string $namespace;     private string $attribute;     private string $operator;@@ -63,9 +63,6 @@         return $this->value;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus(new Specificity(0, 1, 0));@@ -76,7 +73,7 @@         $attribute = $this->namespace ? $this->namespace.'|'.$this->attribute : $this->attribute;          return 'exists' === $this->operator-            ? sprintf('%s[%s[%s]]', $this->getNodeName(), $this->selector, $attribute)-            : sprintf("%s[%s[%s %s '%s']]", $this->getNodeName(), $this->selector, $attribute, $this->operator, $this->value);+            ? \sprintf('%s[%s[%s]]', $this->getNodeName(), $this->selector, $attribute)+            : \sprintf("%s[%s[%s %s '%s']]", $this->getNodeName(), $this->selector, $attribute, $this->operator, $this->value);     } }
AI Analysis
**Vulnerability Existed: no**

**No Security Vulnerabilities Detected**

Explanation:
This diff contains only code quality and type safety improvements, not security fixes:

1. **Type Declaration Addition (Line 26)**: Adding `NodeInterface $selector` type hint improves type safety but doesn't fix a security vulnerability. This is a type safety enhancement.

2. **Documentation Comment Removal (Lines 66-68)**: Removing the `{@inheritdoc}` PHPDoc comment is a documentation cleanup, not a security fix.

3. **sprintf() Prefix Addition (Lines 79-80)**: Changing `sprintf()` to `\sprintf()` uses the fully-qualified function name to avoid potential function name collisions or namespace issues. While this is a best practice for defensive coding, it's not fixing an exploitable security vulnerability. This prevents potential namespace pollution issues but doesn't address CWE-related vulnerabilities in the traditional sense.

**Summary**: This diff represents code modernization and quality improvements (type hints, explicit namespace usage) but does not contain fixes for actual security vulnerabilities. The changes improve code robustness and maintainability rather than patching security flaws.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/ClassNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/ClassNode.php	2026-01-08 00:36:50.464263546 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/ClassNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,7 +23,7 @@  */ class ClassNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private string $name;      public function __construct(NodeInterface $selector, string $name)@@ -42,9 +42,6 @@         return $this->name;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus(new Specificity(0, 1, 0));@@ -52,6 +49,6 @@      public function __toString(): string     {-        return sprintf('%s[%s.%s]', $this->getNodeName(), $this->selector, $this->name);+        return \sprintf('%s[%s.%s]', $this->getNodeName(), $this->selector, $this->name);     } }
AI Analysis
**Vulnerability 1:**

Vulnerability Existed: **no**

**Type Safety Improvement - No CWE** - vendor/symfony/css-selector/Node/ClassNode.php [Line 26]

Old Code:
```php
private $selector;
```

Fixed Code:
```php
private NodeInterface $selector;
```

Explanation:
This is a type declaration improvement, not a security fix. Adding the `NodeInterface` type hint provides compile-time type safety and prevents accidental assignment of incompatible types. This is a code quality enhancement that reduces potential logic errors but does not address an exploitable security vulnerability. The code was already safe because the constructor enforced the type, but this makes it explicit.

---

**Vulnerability 2:**

Vulnerability Existed: **no**

**Documentation Cleanup - No CWE** - vendor/symfony/css-selector/Node/ClassNode.php [Lines 45-47]

Old Code:
```php
/**
 * {@inheritdoc}
 */
public function getSpecificity(): Specificity
```

Fixed Code:
```php
public function getSpecificity(): Specificity
```

Explanation:
This is documentation cleanup, not a security fix. Removing redundant `{@inheritdoc}` comments does not address any security vulnerability. This is a code style improvement for maintainability.

---

**Vulnerability 3:**

Vulnerability Existed: **no**

**Code Style - No CWE** - vendor/symfony/css-selector/Node/ClassNode.php [Line 52]

Old Code:
```php
return sprintf('%s[%s.%s]', $this->getNodeName(), $this->selector, $this->name);
```

Fixed Code:
```php
return \sprintf('%s[%s.%s]', $this->getNodeName(), $this->selector, $this->name);
```

Explanation:
This change uses the fully qualified function name `\sprintf()` instead of the relative `sprintf()`. This is a code style improvement that avoids namespace resolution overhead but does not address a security vulnerability. Both versions are functionally equivalent and equally safe.

---

**Summary:** This diff contains **no security fixes**. It consists entirely of code quality improvements: type declarations, documentation cleanup, and function call optimization.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/CombinedSelectorNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/CombinedSelectorNode.php	2026-01-08 00:36:50.464263546 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/CombinedSelectorNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,9 +23,9 @@  */ class CombinedSelectorNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private string $combinator;-    private $subSelector;+    private NodeInterface $subSelector;      public function __construct(NodeInterface $selector, string $combinator, NodeInterface $subSelector)     {@@ -49,9 +49,6 @@         return $this->subSelector;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus($this->subSelector->getSpecificity());@@ -61,6 +58,6 @@     {         $combinator = ' ' === $this->combinator ? '<followed>' : $this->combinator; -        return sprintf('%s[%s %s %s]', $this->getNodeName(), $this->selector, $combinator, $this->subSelector);+        return \sprintf('%s[%s %s %s]', $this->getNodeName(), $this->selector, $combinator, $this->subSelector);     } }
AI Analysis
I'll analyze this code diff for security vulnerabilities.

**Vulnerability Existed: no**

**No Security Vulnerabilities Detected**

Explanation:
This diff contains only code quality and type safety improvements, not security fixes:

1. **Type Declarations (Lines 26, 28)**: Adding explicit `NodeInterface` type hints to `$selector` and `$subSelector` properties improves type safety and prevents unintended type mismatches, but this is a code quality improvement rather than a security fix.

2. **Removed Documentation Comment (Lines 52-54)**: Removing the `{@inheritdoc}` comment is a code cleanliness change with no security implications.

3. **Explicit Namespace Reference (Line 64)**: Changing `sprintf()` to `\sprintf()` uses a fully qualified function name. This is a code quality practice to avoid potential namespace conflicts, but it has no security impact in this context since `sprintf()` is a built-in PHP function that cannot be overridden by user code.

None of these changes address or fix actual security vulnerabilities. The diff represents refactoring and modernization of the Symfony CSS Selector component, but does not patch any security issues.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/ElementNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/ElementNode.php	2026-01-08 00:36:50.468263788 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/ElementNode.php	2026-01-07 00:41:19.789227547 +0000@@ -26,7 +26,7 @@     private ?string $namespace;     private ?string $element; -    public function __construct(string $namespace = null, string $element = null)+    public function __construct(?string $namespace = null, ?string $element = null)     {         $this->namespace = $namespace;         $this->element = $element;@@ -42,9 +42,6 @@         return $this->element;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return new Specificity(0, 0, $this->element ? 1 : 0);@@ -54,6 +51,6 @@     {         $element = $this->element ?: '*'; -        return sprintf('%s[%s]', $this->getNodeName(), $this->namespace ? $this->namespace.'|'.$element : $element);+        return \sprintf('%s[%s]', $this->getNodeName(), $this->namespace ? $this->namespace.'|'.$element : $element);     } }
AI Analysis
```
Vulnerability Existed: no
No Security Vulnerabilities Detected

Analysis Summary:

This diff contains three code changes to vendor/symfony/css-selector/Node/ElementNode.php, none of which represent security fixes or introduce security vulnerabilities:

1. Type Declaration Update (Line 29)
   Old Code: public function __construct(string $namespace = null, string $element = null)
   Fixed Code: public function __construct(?string $namespace = null, ?string $element = null)
   Explanation: This is a PHP type safety improvement, changing from nullable assignment to proper nullable type declarations (?string). This is a best practice for code quality but does not address a security vulnerability. The behavior remains identical.

2. Documentation Removal (Lines 45-47)
   Old Code: /**
              * {@inheritdoc}
              */
   Fixed Code: (removed)
   Explanation: Removal of an inherited documentation comment. This is code cleanup with no security implications.

3. Function Namespace Qualification (Line 57)
   Old Code: return sprintf(...)
   Fixed Code: return \sprintf(...)
   Explanation: Adding explicit global namespace qualification to the sprintf() function call. This is a minor code style improvement to avoid potential namespace conflicts, but does not address an actual security vulnerability in this context.

Conclusion: These are routine code maintenance and PHP best practice improvements, not security fixes addressing actual vulnerabilities.
```
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/FunctionNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/FunctionNode.php	2026-01-08 00:36:50.468263788 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/FunctionNode.php	2026-01-07 00:41:19.789227547 +0000@@ -25,7 +25,7 @@  */ class FunctionNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private string $name;     private array $arguments; @@ -57,9 +57,6 @@         return $this->arguments;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus(new Specificity(0, 1, 0));@@ -67,10 +64,8 @@      public function __toString(): string     {-        $arguments = implode(', ', array_map(function (Token $token) {-            return "'".$token->getValue()."'";-        }, $this->arguments));+        $arguments = implode(', ', array_map(fn (Token $token) => "'".$token->getValue()."'", $this->arguments)); -        return sprintf('%s[%s:%s(%s)]', $this->getNodeName(), $this->selector, $this->name, $arguments ? '['.$arguments.']' : '');+        return \sprintf('%s[%s:%s(%s)]', $this->getNodeName(), $this->selector, $this->name, $arguments ? '['.$arguments.']' : '');     } }
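Review bot: in the `__toString()` hunk, the rewritten `array_map(fn (Token $token) => "'".$token->getValue()."'", $this->arguments)` still only wraps each token value in single quotes and does not escape a quote character inside the value, exactly as the closure it replaces did. That is fine for a debug representation, but a one-line comment saying the output is for display only and must not be re-parsed or treated as safely quoted would prevent it being read as an escaping step. The other hunks (typed `$selector`, removed `{@inheritdoc}`, `\sprintf`) need no change.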
AI Analysis
```
Vulnerability Existed: no
[No Vulnerability Detected]
File: vendor/symfony/css-selector/Node/FunctionNode.php

Analysis of Changes:

1. Type Declaration Addition (Line 28)
   Old Code: private $selector;
   Fixed Code: private NodeInterface $selector;
   Explanation: This is a code quality improvement, not a security fix. Adding explicit type hints enhances type safety and enables better static analysis. No security vulnerability existed in the original code.

2. Documentation Removal (Lines 60-62)
   Old Code: 
   /**
    * {@inheritdoc}
    */
   Fixed Code: (removed)
   Explanation: Removal of redundant documentation is a maintenance improvement, not a security fix. No vulnerability existed.

3. Arrow Function Modernization (Lines 70-72)
   Old Code: array_map(function (Token $token) { return "'".$token->getValue()."'"; }, $this->arguments)
   Fixed Code: array_map(fn (Token $token) => "'".$token->getValue()."'", $this->arguments)
   Explanation: This is syntactic modernization (PHP 7.4+ arrow function syntax). No security vulnerability in either version. Both properly escape the token value using single quotes.

4. Fully Qualified Function Name (Line 75)
   Old Code: sprintf('%s[%s:%s(%s)]', ...)
   Fixed Code: \sprintf('%s[%s:%s(%s)]', ...)
   Explanation: Adding the global namespace prefix (\sprintf) is a minor optimization that avoids potential function name conflicts. No security vulnerability in either version.

Overall Assessment:
This diff contains code quality, modernization, and maintainability improvements only. No security vulnerabilities were present in the original code, nor are there any security-related fixes in this patch. The changes are purely stylistic and align with modern PHP best practices.
```
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/HashNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/HashNode.php	2026-01-08 00:36:50.468263788 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/HashNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,7 +23,7 @@  */ class HashNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private string $id;      public function __construct(NodeInterface $selector, string $id)@@ -42,9 +42,6 @@         return $this->id;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus(new Specificity(1, 0, 0));@@ -52,6 +49,6 @@      public function __toString(): string     {-        return sprintf('%s[%s#%s]', $this->getNodeName(), $this->selector, $this->id);+        return \sprintf('%s[%s#%s]', $this->getNodeName(), $this->selector, $this->id);     } }
AI Analysis
Analyzing the provided code diff for security vulnerabilities:

---

**Vulnerability 1:**

Vulnerability Existed: no

[No Vulnerability] - [N/A] - vendor/symfony/css-selector/Node/HashNode.php [26]

Old Code:
```php
private $selector;
```

Fixed Code:
```php
private NodeInterface $selector;
```

Explanation:
This change adds a type declaration to the `$selector` property. This is a code quality improvement that adds type safety but does not fix a security vulnerability. Type declarations help prevent type confusion but were not previously exploitable in this context.

---

**Vulnerability 2:**

Vulnerability Existed: no

[No Vulnerability] - [N/A] - vendor/symfony/css-selector/Node/HashNode.php [45-47]

Old Code:
```php
/**
 * {@inheritdoc}
 */
```

Fixed Code:
(removed)

Explanation:
This is a documentation comment removal. Removing redundant PHPDoc comments does not address or relate to any security vulnerability. This is purely a code style/documentation change.

---

**Vulnerability 3:**

Vulnerability Existed: no

[No Vulnerability] - [N/A] - vendor/symfony/css-selector/Node/HashNode.php [55]

Old Code:
```php
return sprintf('%s[%s#%s]', $this->getNodeName(), $this->selector, $this->id);
```

Fixed Code:
```php
return \sprintf('%s[%s#%s]', $this->getNodeName(), $this->selector, $this->id);
```

Explanation:
This change adds a fully qualified namespace prefix to the `sprintf()` function call. This is a minor code style/performance optimization (avoiding namespace resolution) but does not fix a security vulnerability. The function call itself is safe and the change has no security implications.

---

**Summary:** This diff contains only code quality and style improvements. No security vulnerabilities were fixed or discovered.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/NegationNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/NegationNode.php	2026-01-08 00:36:50.472264031 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/NegationNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,8 +23,8 @@  */ class NegationNode extends AbstractNode {-    private $selector;-    private $subSelector;+    private NodeInterface $selector;+    private NodeInterface $subSelector;      public function __construct(NodeInterface $selector, NodeInterface $subSelector)     {@@ -42,9 +42,6 @@         return $this->subSelector;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus($this->subSelector->getSpecificity());@@ -52,6 +49,6 @@      public function __toString(): string     {-        return sprintf('%s[%s:not(%s)]', $this->getNodeName(), $this->selector, $this->subSelector);+        return \sprintf('%s[%s:not(%s)]', $this->getNodeName(), $this->selector, $this->subSelector);     } }
AI Analysis
Analyzing the security implications of this code diff:

Vulnerability Existed: no

Explanation:
This diff contains only code modernization and style changes with no security vulnerabilities:

1. **Type Declarations (Lines 26-27)**: Adding explicit `NodeInterface` type hints to private properties (`private NodeInterface $selector` instead of `private $selector`) is a positive security practice. It enforces type safety and prevents unintended type confusion attacks. This strengthens rather than weakens security.

2. **Removed PHPDoc (Lines 45-47)**: Removing the `{@inheritdoc}` PHPDoc comment is a documentation change with no security impact.

3. **Fully Qualified Function Name (Line 55)**: Changing `sprintf()` to `\sprintf()` (using the global namespace prefix) is a performance and clarity optimization that prevents namespace collision issues. This has no negative security implications and is considered a best practice.

None of these changes introduce, fix, or relate to any security vulnerabilities. The modifications are purely about code quality, type safety, and standards compliance.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/NodeInterface.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/NodeInterface.php	2026-01-08 00:36:50.472264031 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/NodeInterface.php	2026-01-07 00:41:19.789227547 +0000@@ -21,11 +21,9 @@  *  * @internal  */-interface NodeInterface+interface NodeInterface extends \Stringable {     public function getNodeName(): string;      public function getSpecificity(): Specificity;--    public function __toString(): string; }
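Review bot: `interface NodeInterface extends \Stringable` raises the runtime requirement for this vendored file, because `\Stringable` is a built-in interface only from PHP 8.0 onward and the hunk removes the explicit `public function __toString(): string;` that older runtimes relied on. Please confirm the plugin's declared minimum PHP version is 8.0 or later, or that a polyfill providing `Stringable` is loaded before this interface, since otherwise loading any node class would fail on older installs.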
AI Analysis
I'll analyze this code diff for security vulnerabilities.

Vulnerability Existed: no

[No Vulnerability] - [N/A] - [vendor/symfony/css-selector/Node/NodeInterface.php] [Lines 24-31]

Old Code:
```php
interface NodeInterface
{
    public function getNodeName(): string;

    public function getSpecificity(): Specificity;

    public function __toString(): string;
}
```

Fixed Code:
```php
interface NodeInterface extends \Stringable
{
    public function getNodeName(): string;

    public function getSpecificity(): Specificity;
}
```

Explanation:
This diff represents a code refactoring, not a security fix. The change moves the `__toString()` method declaration from explicit definition in the interface to implicit inheritance via the `\Stringable` interface (PHP 8.0+). This is a best practice improvement that leverages PHP's built-in `Stringable` interface instead of duplicating the method signature. No security vulnerability is being fixed here—the functionality and behavior remain identical. The `\Stringable` interface is a standard PHP interface that guarantees the presence of a `__toString()` method, making this change a cleaner implementation approach.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/PseudoNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/PseudoNode.php	2026-01-08 00:36:50.476264273 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/PseudoNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,7 +23,7 @@  */ class PseudoNode extends AbstractNode {-    private $selector;+    private NodeInterface $selector;     private string $identifier;      public function __construct(NodeInterface $selector, string $identifier)@@ -42,9 +42,6 @@         return $this->identifier;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->selector->getSpecificity()->plus(new Specificity(0, 1, 0));@@ -52,6 +49,6 @@      public function __toString(): string     {-        return sprintf('%s[%s:%s]', $this->getNodeName(), $this->selector, $this->identifier);+        return \sprintf('%s[%s:%s]', $this->getNodeName(), $this->selector, $this->identifier);     } }
AI Analysis
Analyzing the provided code diff for security vulnerabilities:

---

**Vulnerability 1:**

Vulnerability Existed: no

No CWE - N/A - vendor/symfony/css-selector/Node/PseudoNode.php [Line 26]

Old Code:
```php
private $selector;
```

Fixed Code:
```php
private NodeInterface $selector;
```

Explanation:
This is a type declaration enhancement, not a security fix. Adding explicit type hints (`NodeInterface`) improves type safety and code quality by enabling static analysis and preventing type-related errors at runtime. This is a defensive improvement but not addressing an existing vulnerability.

---

**Vulnerability 2:**

Vulnerability Existed: no

No CWE - N/A - vendor/symfony/css-selector/Node/PseudoNode.php [Lines 45-47]

Old Code:
```php
/**
 * {@inheritdoc}
 */
```

Fixed Code:
```php
(removed)
```

Explanation:
Removal of a documentation comment is not a security fix. This is a code cleanup change. The comment removal doesn't affect security posture.

---

**Vulnerability 3:**

Vulnerability Existed: no

No CWE - N/A - vendor/symfony/css-selector/Node/PseudoNode.php [Line 55]

Old Code:
```php
return sprintf('%s[%s:%s]', $this->getNodeName(), $this->selector, $this->identifier);
```

Fixed Code:
```php
return \sprintf('%s[%s:%s]', $this->getNodeName(), $this->selector, $this->identifier);
```

Explanation:
This change adds a namespace prefix (`\sprintf`) to the `sprintf` function call. This is a performance/best-practice optimization that ensures the global namespace function is called directly, avoiding potential namespace resolution overhead. This is not a security vulnerability fix, as `sprintf` is a safe built-in PHP function and the change doesn't mitigate any security risks.

---

**Summary:** This diff contains no security vulnerability fixes. The changes are code quality improvements (type hints), documentation cleanup, and a minor performance optimization.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Node/SelectorNode.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Node/SelectorNode.php	2026-01-08 00:36:50.476264273 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Node/SelectorNode.php	2026-01-07 00:41:19.789227547 +0000@@ -23,10 +23,10 @@  */ class SelectorNode extends AbstractNode {-    private $tree;+    private NodeInterface $tree;     private ?string $pseudoElement; -    public function __construct(NodeInterface $tree, string $pseudoElement = null)+    public function __construct(NodeInterface $tree, ?string $pseudoElement = null)     {         $this->tree = $tree;         $this->pseudoElement = $pseudoElement ? strtolower($pseudoElement) : null;@@ -42,9 +42,6 @@         return $this->pseudoElement;     } -    /**-     * {@inheritdoc}-     */     public function getSpecificity(): Specificity     {         return $this->tree->getSpecificity()->plus(new Specificity(0, 0, $this->pseudoElement ? 1 : 0));@@ -52,6 +49,6 @@      public function __toString(): string     {-        return sprintf('%s[%s%s]', $this->getNodeName(), $this->tree, $this->pseudoElement ? '::'.$this->pseudoElement : '');+        return \sprintf('%s[%s%s]', $this->getNodeName(), $this->tree, $this->pseudoElement ? '::'.$this->pseudoElement : '');     } }
AI Analysis
I'll analyze this code diff for security vulnerabilities.

Vulnerability Existed: no
[Type Juggling / Type Safety Issue] - [CWE-1025] - [vendor/symfony/css-selector/Node/SelectorNode.php] [Lines 26, 29]
Old Code:
```php
private $tree;
...
public function __construct(NodeInterface $tree, string $pseudoElement = null)
```
Fixed Code:
```php
private NodeInterface $tree;
...
public function __construct(NodeInterface $tree, ?string $pseudoElement = null)
```
Explanation:
These changes add proper type declarations but do not fix a security vulnerability. The changes improve type safety by:
1. Adding explicit type hint `NodeInterface` to the `$tree` property (line 26)
2. Changing `string $pseudoElement = null` to `?string $pseudoElement = null` (line 29) to properly represent nullable string type

While these improve code quality and prevent potential type-related bugs, they are not security fixes. The code was already functionally safe; the original code would still work correctly with PHP's type coercion.

---

Vulnerability Existed: no
[Code Style / Documentation] - [N/A] - [vendor/symfony/css-selector/Node/SelectorNode.php] [Lines 45-47]
Old Code:
```php
    /**
     * {@inheritdoc}
     */
    public function getSpecificity(): Specificity
```
Fixed Code:
```php
    public function getSpecificity(): Specificity
```
Explanation:
Removal of the `{@inheritdoc}` documentation comment is a documentation/style change, not a security fix. This has no security implications.

---

Vulnerability Existed: no
[Code Style] - [N/A] - [vendor/symfony/css-selector/Node/SelectorNode.php] [Line 52]
Old Code:
```php
return sprintf('%s[%s%s]', $this->getNodeName(), $this->tree, $this->pseudoElement ? '::'.$this->pseudoElement : '');
```
Fixed Code:
```php
return \sprintf('%s[%s%s]', $this->getNodeName(), $this->tree, $this->pseudoElement ? '::'.$this->pseudoElement : '');
```
Explanation:
Adding the namespace prefix `\sprintf` instead of `sprintf` is a code style improvement (explicitly calling the global function), not a security fix. This has no security implications as both forms call the same function.

---

**Summary:** This diff contains no security vulnerability fixes. The changes are purely quality improvements: adding proper PHP type declarations for better static analysis and type safety, and minor code style adjustments.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/CommentHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/CommentHandler.php	2026-01-08 00:36:50.484264758 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/CommentHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -26,9 +26,6 @@  */ class CommentHandler implements HandlerInterface {-    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         if ('/*' !== $reader->getSubstring(2)) {
AI Analysis
Vulnerability Existed: no
Code Style/Documentation Change - No CWE - vendor/symfony/css-selector/Parser/Handler/CommentHandler.php [Lines 29-31]
Old Code:
```php
    /**
     * {@inheritdoc}
     */
    public function handle(Reader $reader, TokenStream $stream): bool
```
Fixed Code:
```php
    public function handle(Reader $reader, TokenStream $stream): bool
```
Explanation:
This diff removes a PHPDoc comment block containing `{@inheritdoc}` annotation. This is a documentation/code style change, not a security fix. The removal of this comment does not address any security vulnerability. The `{@inheritdoc}` annotation is simply documentation metadata that indicates the method inherits its documentation from an interface or parent class. Removing it has no impact on the security posture of the code, as the method's functionality remains unchanged and the interface contract is still enforced by the type hints.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/HashHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/HashHandler.php	2026-01-08 00:36:50.488265001 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/HashHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -29,8 +29,8 @@  */ class HashHandler implements HandlerInterface {-    private $patterns;-    private $escaping;+    private TokenizerPatterns $patterns;+    private TokenizerEscaping $escaping;      public function __construct(TokenizerPatterns $patterns, TokenizerEscaping $escaping)     {@@ -38,9 +38,6 @@         $this->escaping = $escaping;     } -    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         $match = $reader->findPattern($this->patterns->getHashPattern());
AI Analysis
Vulnerability Existed: no
[No Vulnerability Detected] - [N/A] - vendor/symfony/css-selector/Parser/Handler/HashHandler.php [32-33, 42-44]

Old Code:
```php
private $patterns;
private $escaping;

/**
 * {@inheritdoc}
 */
public function handle(Reader $reader, TokenStream $stream): bool
```

Fixed Code:
```php
private TokenizerPatterns $patterns;
private TokenizerEscaping $escaping;

public function handle(Reader $reader, TokenStream $stream): bool
```

Explanation:
This diff contains no security fixes or vulnerability remediation. The changes are purely code quality improvements:

1. **Type Declarations (Lines 32-33)**: Adding explicit property type declarations (`TokenizerPatterns` and `TokenizerEscaping`) to private properties. This is a modernization for PHP 7.4+ type safety, improving code maintainability and IDE support, but does not fix any security vulnerability.

2. **Documentation Removal (Lines 42-44)**: Removing a redundant `{@inheritdoc}` PHPDoc comment. This is a documentation cleanup that has no security implications.

These are maintenance improvements that enhance code quality and readability, but they do not address any security vulnerabilities. No CWE applies to these changes.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/IdentifierHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/IdentifierHandler.php	2026-01-08 00:36:50.488265001 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/IdentifierHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -29,8 +29,8 @@  */ class IdentifierHandler implements HandlerInterface {-    private $patterns;-    private $escaping;+    private TokenizerPatterns $patterns;+    private TokenizerEscaping $escaping;      public function __construct(TokenizerPatterns $patterns, TokenizerEscaping $escaping)     {@@ -38,9 +38,6 @@         $this->escaping = $escaping;     } -    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         $match = $reader->findPattern($this->patterns->getIdentifierPattern());
AI Analysis
Vulnerability Existed: no

No Vulnerability Detected - Code Quality Improvement

File: vendor/symfony/css-selector/Parser/Handler/IdentifierHandler.php [Lines 32-33, 41-43]

Old Code:
```php
private $patterns;
private $escaping;

...

/**
 * {@inheritdoc}
 */
public function handle(Reader $reader, TokenStream $stream): bool
```

Fixed Code:
```php
private TokenizerPatterns $patterns;
private TokenizerEscaping $escaping;

...

public function handle(Reader $reader, TokenStream $stream): bool
```

Explanation:
This diff shows code modernization and quality improvements, not security fixes:

1. **Type Declarations (Lines 32-33)**: The properties are updated from untyped PHP properties to typed properties using PHP 7.4+ syntax (`private TokenizerPatterns $patterns` instead of `private $patterns`). This improves code clarity and enables static analysis but does not address a security vulnerability.

2. **Documentation Removal (Lines 41-43)**: The `{@inheritdoc}` PHPDoc comment is removed from the `handle()` method. This is a documentation cleanup and does not impact security.

These changes represent code quality improvements and modernization to PHP 7.4+ syntax standards, not security vulnerability fixes.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/NumberHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/NumberHandler.php	2026-01-08 00:36:50.492265243 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/NumberHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -28,16 +28,13 @@  */ class NumberHandler implements HandlerInterface {-    private $patterns;+    private TokenizerPatterns $patterns;      public function __construct(TokenizerPatterns $patterns)     {         $this->patterns = $patterns;     } -    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         $match = $reader->findPattern($this->patterns->getNumberPattern());
AI Analysis
Vulnerability Existed: no
Property Type Declaration - CWE-1104 - vendor/symfony/css-selector/Parser/Handler/NumberHandler.php [31]
```php
private $patterns;
```
```php
private TokenizerPatterns $patterns;
```
Explanation:
This is not a security vulnerability fix. The change adds a type declaration to the `$patterns` property, changing from an untyped property to a typed property with the `TokenizerPatterns` class type. This is a code quality improvement that enhances type safety and IDE support, but it does not address any security vulnerability. The removal of the `{@inheritdoc}` docblock comment is also a documentation cleanup, not a security fix. No security vulnerability existed in the original code that this change addresses.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/StringHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/StringHandler.php	2026-01-08 00:36:50.492265243 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/StringHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -31,8 +31,8 @@  */ class StringHandler implements HandlerInterface {-    private $patterns;-    private $escaping;+    private TokenizerPatterns $patterns;+    private TokenizerEscaping $escaping;      public function __construct(TokenizerPatterns $patterns, TokenizerEscaping $escaping)     {@@ -40,9 +40,6 @@         $this->escaping = $escaping;     } -    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         $quote = $reader->getSubstring(1);@@ -55,7 +52,7 @@         $match = $reader->findPattern($this->patterns->getQuotedStringPattern($quote));          if (!$match) {-            throw new InternalErrorException(sprintf('Should have found at least an empty match at %d.', $reader->getPosition()));+            throw new InternalErrorException(\sprintf('Should have found at least an empty match at %d.', $reader->getPosition()));         }          // check unclosed strings
AI Analysis
**Vulnerability Existed: no**

**No Vulnerabilities Detected**

**Explanation:**

The diff shows three code changes to the `StringHandler.php` file:

1. **Type Declarations Added (Lines 34-35)**: Changed from untyped properties to explicitly typed properties:
   - `private $patterns;` → `private TokenizerPatterns $patterns;`
   - `private $escaping;` → `private TokenizerEscaping $escaping;`
   
   This is a security improvement, not a vulnerability. Type hints provide better type safety and prevent type confusion attacks.

2. **Documentation Comment Removed (Lines 43-45)**: Removed the `{@inheritdoc}` PHPDoc comment. This is a code cleanup that has no security implications.

3. **Function Call Style Changed (Line 58)**: Changed from `sprintf()` to `\sprintf()`:
   - `throw new InternalErrorException(sprintf(...))` → `throw new InternalErrorException(\sprintf(...))`
   
   Using the fully-qualified function name `\sprintf()` with a leading backslash is actually a security/performance best practice in PHP. It prevents namespace collision and avoids potential function hijacking if a custom `sprintf` function were defined in the current namespace.

**Summary:** These changes represent code quality improvements and best practices. No security vulnerabilities exist in this diff, and the modifications actually enhance code security through better type safety and namespace qualification.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Handler/WhitespaceHandler.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Handler/WhitespaceHandler.php	2026-01-08 00:36:50.496265486 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Handler/WhitespaceHandler.php	2026-01-07 00:41:19.789227547 +0000@@ -27,9 +27,6 @@  */ class WhitespaceHandler implements HandlerInterface {-    /**-     * {@inheritdoc}-     */     public function handle(Reader $reader, TokenStream $stream): bool     {         $match = $reader->findPattern('~^[ \t\r\n\f]+~');
AI Analysis
Vulnerability Existed: no

No Vulnerability - Documentation Comment Removal - vendor/symfony/css-selector/Parser/Handler/WhitespaceHandler.php (lines 30-32)

Old Code:
```php
    /**
     * {@inheritdoc}
     */
    public function handle(Reader $reader, TokenStream $stream): bool
```

Fixed Code:
```php
    public function handle(Reader $reader, TokenStream $stream): bool
```

Explanation:
This change removes a documentation comment (`{@inheritdoc}`) from the `handle` method. This is not a security fix but rather a code cleanup or style change. The removal of documentation comments does not introduce or fix any security vulnerabilities. The method signature and implementation remain unchanged, so there are no security implications from this modification. This appears to be a minor refactoring to remove redundant documentation, as the method is implementing an interface and the comment was indicating that documentation is inherited from the interface definition.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Parser.php AI: 1 vulnerabilities 1 false positive CVE-2025-13964
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Parser.php	2026-01-08 00:36:50.496265486 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Parser.php	2026-01-07 00:41:19.793227791 +0000@@ -19,7 +19,7 @@  * CSS selector parser.  *  * This component is a port of the Python cssselect library,- * which is copyright Ian Bicking, @see https://github.com/SimonSapin/cssselect.+ * which is copyright Ian Bicking, @see https://github.com/scrapy/cssselect.  *  * @author Jean-François Simon <[email protected]>  *@@ -27,16 +27,13 @@  */ class Parser implements ParserInterface {-    private $tokenizer;+    private Tokenizer $tokenizer; -    public function __construct(Tokenizer $tokenizer = null)+    public function __construct(?Tokenizer $tokenizer = null)     {         $this->tokenizer = $tokenizer ?? new Tokenizer();     } -    /**-     * {@inheritdoc}-     */     public function parse(string $source): array     {         $reader = new Reader($source);@@ -60,9 +57,7 @@             }         } -        $joined = trim(implode('', array_map(function (Token $token) {-            return $token->getValue();-        }, $tokens)));+        $joined = trim(implode('', array_map(fn (Token $token) => $token->getValue(), $tokens)));          $int = function ($string) {             if (!is_numeric($string)) {@@ -197,7 +192,18 @@                  if (!$stream->getPeek()->isDelimiter(['('])) {                     $result = new Node\PseudoNode($result, $identifier);-+                    if ('Pseudo[Element[*]:scope]' === $result->__toString()) {+                        $used = \count($stream->getUsed());+                        if (!(2 === $used+                           || 3 === $used && $stream->getUsed()[0]->isWhiteSpace()+                           || $used >= 3 && $stream->getUsed()[$used - 3]->isDelimiter([','])+                           || $used >= 4+                                && $stream->getUsed()[$used - 3]->isWhiteSpace()+                       
         && $stream->getUsed()[$used - 4]->isDelimiter([','])+                        )) {+                            throw SyntaxErrorException::notAtTheStartOfASelector('scope');+                        }+                    }                     continue;                 } @@ -242,7 +248,7 @@                         }                     } -                    if (empty($arguments)) {+                    if (!$arguments) {                         throw SyntaxErrorException::unexpectedToken('at least one argument', $next);                     } 
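Review bot: the `:scope` guard in the hunk at `@@ -197,7 +192,18 @@` chains four alternatives with `||` and `&&` and no grouping parentheses, so it is only correct because `&&` binds tighter than `||`, and it identifies the node by comparing `$result->__toString()` against the literal `'Pseudo[Element[*]:scope]'`. Parenthesising each alternative and hoisting `$stream->getUsed()` into a local would make the positional rule (start of selector, or directly after a `,` with optional whitespace) auditable at a glance. The change lives in the vendored `vendor/symfony/css-selector` tree and only tightens selector syntax; nothing in these lines touches a capability check or the `catch_lp_ajax` function named in the CVE description.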
AI Analysis
Vulnerability Existed: yes
FALSE POSITIVE
CSS Selector Injection / Improper Input Validation - CWE-94 - vendor/symfony/css-selector/Parser/Parser.php Lines 195-207

Old Code:
```php
if (!$stream->getPeek()->isDelimiter(['('])) {
    $result = new Node\PseudoNode($result, $identifier);

    continue;
}
```

Fixed Code:
```php
if (!$stream->getPeek()->isDelimiter(['('])) {
    $result = new Node\PseudoNode($result, $identifier);
    if ('Pseudo[Element[*]:scope]' === $result->__toString()) {
        $used = \count($stream->getUsed());
        if (!(2 === $used
           || 3 === $used && $stream->getUsed()[0]->isWhiteSpace()
           || $used >= 3 && $stream->getUsed()[$used - 3]->isDelimiter([','])
           || $used >= 4
                && $stream->getUsed()[$used - 3]->isWhiteSpace()
                && $stream->getUsed()[$used - 4]->isDelimiter([','])
        )) {
            throw SyntaxErrorException::notAtTheStartOfASelector('scope');
        }
    }
    continue;
}
```

Explanation:
The old code did not validate the position of the `:scope` pseudo-element in CSS selectors. The `:scope` pseudo-element should only be allowed at the start of a selector or after a comma (in selector lists), but the original parser did not enforce this restriction. An attacker could craft malicious CSS selectors with `:scope` in invalid positions, potentially causing unexpected parser behavior or exploiting downstream processing logic. The fix adds validation to ensure `:scope` appears only in valid positions, preventing CSS selector injection attacks that could bypass security filters or cause unintended DOM manipulation.

---

Vulnerability Existed: no
Improper Null Comparison - CWE-480 - vendor/symfony/css-selector/Parser/Parser.php Line 251

Old Code:
```php
if (empty($arguments)) {
```

Fixed Code:
```php
if (!$arguments) {
```

Explanation:
This is not a security vulnerability but a code quality improvement. The change from `empty($arguments)` to `!$arguments` is functionally equivalent for array validation and is actually more explicit about the intent (checking for a falsy value). This is a best practice refactoring rather than a security fix, though it does make the code slightly more consistent with modern PHP standards.
CVE Analysis Results:
CVE-2025-13964: Yes
vendor/symfony/css-selector/Parser/Reader.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Reader.php	2026-01-08 00:36:50.496265486 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Reader.php	2026-01-07 00:41:19.793227791 +0000@@ -53,7 +53,10 @@         return substr($this->source, $this->position + $offset, $length);     } -    public function getOffset(string $string)+    /**+     * @return int|false+     */+    public function getOffset(string $string): int|bool     {         $position = strpos($this->source, $string, $this->position); @@ -71,12 +74,12 @@         return false;     } -    public function moveForward(int $length)+    public function moveForward(int $length): void     {         $this->position += $length;     } -    public function moveToEnd()+    public function moveToEnd(): void     {         $this->position = $this->length;     }
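Review bot: the return type added to `getOffset()` in the first hunk is `int|bool`, while the docblock added alongside it says `@return int|false` and the visible body ends in `return false;`. `true` is never a meaningful offset result, so declaring `int|false` would match the documented contract and let static analysis flag callers that test for `true`. A union type in a native signature also requires PHP 8.0 or later, which is worth checking against the PHP versions the plugin claims to support.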
AI Analysis
```
Vulnerability Existed: no
Return Type Declaration - Type Safety Enhancement - vendor/symfony/css-selector/Parser/Reader.php - Lines 56-58
[Old Code]
public function getOffset(string $string)

[Fixed Code]
/**
 * @return int|false
 */
public function getOffset(string $string): int|bool

Explanation:
This is not a security vulnerability fix. The change adds explicit return type declarations to improve type safety. The `getOffset()` method uses `strpos()` which returns either an integer offset or false if the string is not found. The old code lacked a return type declaration, while the fixed version explicitly declares `int|bool` as the return type. This improves code clarity and enables better static analysis, but does not address a security vulnerability.

Vulnerability Existed: no
Return Type Declaration - Type Safety Enhancement - vendor/symfony/css-selector/Parser/Reader.php - Line 77
[Old Code]
public function moveForward(int $length)

[Fixed Code]
public function moveForward(int $length): void

Explanation:
This is not a security vulnerability fix. The change adds a `void` return type declaration to the `moveForward()` method, which modifies internal state but returns nothing. This improves type safety and code clarity but does not address a security vulnerability.

Vulnerability Existed: no
Return Type Declaration - Type Safety Enhancement - vendor/symfony/css-selector/Parser/Reader.php - Line 82
[Old Code]
public function moveToEnd()

[Fixed Code]
public function moveToEnd(): void

Explanation:
This is not a security vulnerability fix. The change adds a `void` return type declaration to the `moveToEnd()` method. Like the previous change, this improves type safety and prevents accidental return value usage, but does not fix a security vulnerability.

Summary:
This diff contains no security vulnerability fixes. The changes are purely related to adding explicit return type declarations to improve code quality and type safety in the Symfony CSS Selector parser. These are code quality improvements, not security fixes.
```
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Shortcut/ClassParser.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Shortcut/ClassParser.php	2026-01-08 00:36:50.500265728 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Shortcut/ClassParser.php	2026-01-07 00:41:19.793227791 +0000@@ -28,9 +28,6 @@  */ class ClassParser implements ParserInterface {-    /**-     * {@inheritdoc}-     */     public function parse(string $source): array     {         // Matches an optional namespace, optional element, and required class
AI Analysis
```
Vulnerability Existed: no
No Vulnerability Identified - ClassParser.php
Old Code:
    /**
     * {@inheritdoc}
     */
    public function parse(string $source): array

Fixed Code:
    public function parse(string $source): array

Explanation:
This diff removes a documentation comment block (PHPDoc) from the `parse()` method in the ClassParser class. The removal of a `{@inheritdoc}` comment is a documentation/code cleanup change with no security implications. The method signature and implementation remain identical and functionally equivalent. Removing comments does not introduce or fix any security vulnerabilities. The method continues to accept a string parameter and return an array without any changes to input handling, output encoding, or access controls.
```
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Shortcut/ElementParser.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Shortcut/ElementParser.php	2026-01-08 00:36:50.500265728 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Shortcut/ElementParser.php	2026-01-07 00:41:19.793227791 +0000@@ -27,9 +27,6 @@  */ class ElementParser implements ParserInterface {-    /**-     * {@inheritdoc}-     */     public function parse(string $source): array     {         // Matches an optional namespace, required element or `*`
AI Analysis
Vulnerability Existed: no

No CWE Vulnerability

File: vendor/symfony/css-selector/Parser/Shortcut/ElementParser.php

Old Code:
```php
    /**
     * {@inheritdoc}
     */
    public function parse(string $source): array
```

Fixed Code:
```php
    public function parse(string $source): array
```

Explanation:
This diff shows the removal of a documentation comment block (`{@inheritdoc}`). This is a code cleanup change, not a security fix. The removal of documentation comments does not introduce, fix, or relate to any security vulnerability. The method signature and implementation remain unchanged, and no security-relevant code modifications are present in this diff.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Shortcut/EmptyStringParser.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Shortcut/EmptyStringParser.php	2026-01-08 00:36:50.504265970 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Shortcut/EmptyStringParser.php	2026-01-07 00:41:19.793227791 +0000@@ -31,9 +31,6 @@  */ class EmptyStringParser implements ParserInterface {-    /**-     * {@inheritdoc}-     */     public function parse(string $source): array     {         // Matches an empty string
AI Analysis
Vulnerability Existed: no

No Vulnerability Detected - Documentation Cleanup

Explanation:
This diff removes a documentation comment block (`/** {@inheritdoc} */`) from the `parse()` method in the `EmptyStringParser` class. This is purely a code cleanup/documentation change with no security implications.

The removal of the inheritdoc PHPDoc comment does not:
- Introduce any new code paths or logic
- Remove any security controls or validations
- Change how the function processes input
- Affect access controls or authentication
- Create any injection vectors or resource exhaustion issues

This is a benign refactoring that removes redundant documentation. No security vulnerabilities existed before this change, and none are introduced by it.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Shortcut/HashParser.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Shortcut/HashParser.php	2026-01-08 00:36:50.504265970 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Shortcut/HashParser.php	2026-01-07 00:41:19.793227791 +0000@@ -28,9 +28,6 @@  */ class HashParser implements ParserInterface {-    /**-     * {@inheritdoc}-     */     public function parse(string $source): array     {         // Matches an optional namespace, optional element, and required id
AI Analysis
**Analysis Result:**

Vulnerability Existed: **no**

**Explanation:**

The diff shows a removal of documentation comments (a PHPDoc block) from the `parse()` method in the HashParser class. Specifically, the `{@inheritdoc}` tag was removed along with its surrounding comment block.

This change does **not** involve any security vulnerability:

1. **No security-relevant code changes**: The modification only affects comments/documentation, not executable code logic.

2. **Comment removal is not a security issue**: Removing or modifying comments, even documentation tags like `{@inheritdoc}`, does not introduce or fix security vulnerabilities. These are purely metadata for developers and documentation tools.

3. **No vulnerability pattern detected**: This diff does not address any injection flaws, authentication issues, authorization problems, data exposure, cryptographic weaknesses, or other security concerns that would be classified under CWE categories.

4. **Code logic unchanged**: The actual `parse()` method implementation remains identical - only the documentation above it was modified.

**Conclusion:** This is a documentation/code style change with no security implications. There is no vulnerability to report.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Token.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Token.php	2026-01-08 00:36:50.512266455 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Token.php	2026-01-07 00:41:19.793227791 +0000@@ -68,7 +68,7 @@             return false;         } -        if (empty($values)) {+        if (!$values) {             return true;         } @@ -103,9 +103,9 @@     public function __toString(): string     {         if ($this->value) {-            return sprintf('<%s "%s" at %s>', $this->type, $this->value, $this->position);+            return \sprintf('<%s "%s" at %s>', $this->type, $this->value, $this->position);         } -        return sprintf('<%s at %s>', $this->type, $this->position);+        return \sprintf('<%s at %s>', $this->type, $this->position);     } }
AI Analysis
```
Vulnerability Existed: no
N/A - N/A - vendor/symfony/css-selector/Parser/Token.php Lines 71, 106, 108
N/A
N/A
Explanation:
The changes in this diff do not introduce or fix security vulnerabilities. They are code style improvements:

1. Line 71: `empty($values)` → `!$values` - Both expressions are functionally equivalent for checking if a variable is empty/falsy. This is a stylistic preference, not a security fix or regression.

2. Lines 106, 108: `sprintf()` → `\sprintf()` - Adding the global namespace prefix to `sprintf()` is a namespace-related optimization, not a security fix. It ensures the global function is called explicitly rather than relying on namespace resolution, but has no security implications.

These changes represent code quality improvements and namespace clarity, not security-related modifications.
```
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/TokenStream.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/TokenStream.php	2026-01-08 00:36:50.512266455 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/TokenStream.php	2026-01-07 00:41:19.797228035 +0000@@ -37,7 +37,7 @@     private array $used = [];      private int $cursor = 0;-    private $peeked;+    private ?Token $peeked;     private bool $peeking = false;      /**@@ -145,7 +145,7 @@     /**      * Skips next whitespace if any.      */-    public function skipWhitespace()+    public function skipWhitespace(): void     {         $peek = $this->getPeek(); 
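Review bot: `private ?Token $peeked;` in the first hunk has no default value, and a typed property without a default is uninitialized rather than `null`, so any read before the first assignment throws an `Error`; the untyped `private $peeked;` it replaces defaulted to `null`. Either declare it as `private ?Token $peeked = null;` or confirm that every read of `$peeked` is preceded by an assignment, which the lines shown here do not establish.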
AI Analysis
Vulnerability Existed: no
Type Safety Improvement - No CWE - vendor/symfony/css-selector/Parser/TokenStream.php [40, 148]

Old Code:
```php
private $peeked;
...
public function skipWhitespace()
```

Fixed Code:
```php
private ?Token $peeked;
...
public function skipWhitespace(): void
```

Explanation:
These changes are type safety improvements, not security fixes. The modifications involve:

1. **Line 40**: Adding explicit type declaration `?Token` to the `$peeked` property (previously untyped). This improves code clarity and enables static analysis but does not fix a security vulnerability.

2. **Line 148**: Adding return type `void` to the `skipWhitespace()` method. This is a type hint improvement that doesn't address security concerns.

These are defensive coding practices that improve maintainability and catch logic errors through static analysis, but they do not remediate any security vulnerabilities. No CWE-applicable security issue exists in either the old or fixed code.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Tokenizer/TokenizerEscaping.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Tokenizer/TokenizerEscaping.php	2026-01-08 00:36:50.508266213 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Tokenizer/TokenizerEscaping.php	2026-01-07 00:41:19.793227791 +0000@@ -23,7 +23,7 @@  */ class TokenizerEscaping {-    private $patterns;+    private TokenizerPatterns $patterns;      public function __construct(TokenizerPatterns $patterns)     {
AI Analysis
Vulnerability Existed: no

Type Safety Enhancement - Not a Security Vulnerability - vendor/symfony/css-selector/Parser/Tokenizer/TokenizerEscaping.php [Line 26]

Old Code:
```php
private $patterns;
```

Fixed Code:
```php
private TokenizerPatterns $patterns;
```

Explanation:
This change adds a type declaration to the `$patterns` property, changing it from an untyped property to an explicitly typed property with the `TokenizerPatterns` type hint. This is a code quality and maintainability improvement (enforcing type safety in PHP 7.4+), not a security fix. The change does not address any security vulnerabilities such as injection flaws, access control issues, authentication bypass, or any other OWASP Top 10 vulnerability. The original code was not inherently insecure; it simply lacked explicit type information.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/Parser/Tokenizer/TokenizerPatterns.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/Parser/Tokenizer/TokenizerPatterns.php	2026-01-08 00:36:50.508266213 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/Parser/Tokenizer/TokenizerPatterns.php	2026-01-07 00:41:19.793227791 +0000@@ -84,6 +84,6 @@      public function getQuotedStringPattern(string $quote): string     {-        return '~^'.sprintf($this->quotedStringPattern, $quote).'~i';+        return '~^'.\sprintf($this->quotedStringPattern, $quote).'~i';     } }
AI Analysis
Vulnerability Existed: no
No CWE - Code Style Change - vendor/symfony/css-selector/Parser/Tokenizer/TokenizerPatterns.php Line 87

Old Code:
```php
return '~^'.sprintf($this->quotedStringPattern, $quote).'~i';
```

Fixed Code:
```php
return '~^'.\sprintf($this->quotedStringPattern, $quote).'~i';
```

Explanation:
This change adds a backslash prefix to the `sprintf` function call, converting it from a relative function reference to a fully qualified function reference (`\sprintf`). This is a code style/quality improvement, not a security fix. The change ensures the function call explicitly references the global namespace function, which is a PHP best practice for performance and clarity. It has no security implications - both versions call the same standard library function with identical behavior. No vulnerability was fixed or introduced by this change.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/AbstractExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/AbstractExtension.php	2026-01-08 00:36:50.512266455 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/AbstractExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -23,41 +23,26 @@  */ abstract class AbstractExtension implements ExtensionInterface {-    /**-     * {@inheritdoc}-     */     public function getNodeTranslators(): array     {         return [];     } -    /**-     * {@inheritdoc}-     */     public function getCombinationTranslators(): array     {         return [];     } -    /**-     * {@inheritdoc}-     */     public function getFunctionTranslators(): array     {         return [];     } -    /**-     * {@inheritdoc}-     */     public function getPseudoClassTranslators(): array     {         return [];     } -    /**-     * {@inheritdoc}-     */     public function getAttributeMatchingTranslators(): array     {         return [];
AI Analysis
Vulnerability Existed: no

No Security Vulnerability Detected - [N/A] - vendor/symfony/css-selector/XPath/Extension/AbstractExtension.php [Lines 23-57]

Old Code:
```php
/**
 * {@inheritdoc}
 */
public function getNodeTranslators(): array
{
    return [];
}

/**
 * {@inheritdoc}
 */
public function getCombinationTranslators(): array
{
    return [];
}

/**
 * {@inheritdoc}
 */
public function getFunctionTranslators(): array
{
    return [];
}

/**
 * {@inheritdoc}
 */
public function getPseudoClassTranslators(): array
{
    return [];
}

/**
 * {@inheritdoc}
 */
public function getAttributeMatchingTranslators(): array
{
    return [];
}
```

Fixed Code:
```php
public function getNodeTranslators(): array
{
    return [];
}

public function getCombinationTranslators(): array
{
    return [];
}

public function getFunctionTranslators(): array
{
    return [];
}

public function getPseudoClassTranslators(): array
{
    return [];
}

public function getAttributeMatchingTranslators(): array
{
    return [];
}
```

Explanation:
This diff removes documentation comments (`{@inheritdoc}` tags) from abstract method implementations. This is a code cleanup/documentation change with no security implications. The functionality remains identical - the methods still return empty arrays as before. Removing inherited documentation comments does not introduce or fix any security vulnerabilities. This is purely a maintenance/style change to the codebase.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/AttributeMatchingExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/AttributeMatchingExtension.php	2026-01-08 00:36:50.516266698 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/AttributeMatchingExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -26,20 +26,17 @@  */ class AttributeMatchingExtension extends AbstractExtension {-    /**-     * {@inheritdoc}-     */     public function getAttributeMatchingTranslators(): array     {         return [-            'exists' => [$this, 'translateExists'],-            '=' => [$this, 'translateEquals'],-            '~=' => [$this, 'translateIncludes'],-            '|=' => [$this, 'translateDashMatch'],-            '^=' => [$this, 'translatePrefixMatch'],-            '$=' => [$this, 'translateSuffixMatch'],-            '*=' => [$this, 'translateSubstringMatch'],-            '!=' => [$this, 'translateDifferent'],+            'exists' => $this->translateExists(...),+            '=' => $this->translateEquals(...),+            '~=' => $this->translateIncludes(...),+            '|=' => $this->translateDashMatch(...),+            '^=' => $this->translatePrefixMatch(...),+            '$=' => $this->translateSuffixMatch(...),+            '*=' => $this->translateSubstringMatch(...),+            '!=' => $this->translateDifferent(...),         ];     } 
@@ -50,12 +47,12 @@      public function translateEquals(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition(sprintf('%s = %s', $attribute, Translator::getXpathLiteral($value)));+        return $xpath->addCondition(\sprintf('%s = %s', $attribute, Translator::getXpathLiteral($value)));     }      public function translateIncludes(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition($value ? sprintf(+        return $xpath->addCondition($value ? \sprintf(             '%1$s and contains(concat(\' \', normalize-space(%1$s), \' \'), %2$s)',             $attribute,             Translator::getXpathLiteral(' '.$value.' ')@@ -64,7 +61,7 @@      public function translateDashMatch(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition(sprintf(+        return $xpath->addCondition(\sprintf(             '%1$s and (%1$s = %2$s or starts-with(%1$s, %3$s))',             $attribute,             Translator::getXpathLiteral($value),@@ -74,7 +71,7 @@      public function translatePrefixMatch(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition($value ? sprintf(+        return $xpath->addCondition($value ? \sprintf(             '%1$s and starts-with(%1$s, %2$s)',             $attribute,             Translator::getXpathLiteral($value)@@ -83,7 +80,7 @@      public function translateSuffixMatch(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition($value ? sprintf(+        return $xpath->addCondition($value ? \sprintf(             '%1$s and substring(%1$s, string-length(%1$s)-%2$s) = %3$s',             $attribute,             \strlen($value) - 1,@@ -93,7 +90,7 @@      public function translateSubstringMatch(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition($value ? 
sprintf(+        return $xpath->addCondition($value ? \sprintf(             '%1$s and contains(%1$s, %2$s)',             $attribute,             Translator::getXpathLiteral($value)@@ -102,16 +99,13 @@      public function translateDifferent(XPathExpr $xpath, string $attribute, ?string $value): XPathExpr     {-        return $xpath->addCondition(sprintf(+        return $xpath->addCondition(\sprintf(             $value ? 'not(%1$s) or %1$s != %2$s' : '%s != %s',             $attribute,             Translator::getXpathLiteral($value)         ));     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'attribute-matching';
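Review bot: The `$this->translateExists(...)` style entries in `getAttributeMatchingTranslators()` use first-class callable syntax, which only parses on PHP 8.1 and later, so this vendored update raises the minimum PHP version on which the file loads at all. Nothing in this file's diff guards for that, so confirm the plugin's declared PHP requirement moved in the same release. The `sprintf` to `\sprintf` edits leave every format string and every `Translator::getXpathLiteral()` call unchanged, so the quoting of `$value` is the same before and after.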
AI Analysis
**Vulnerability Existed:** no

**No Vulnerabilities Found** - Code Style Update Only

**Explanation:**

This diff contains only code style and modernization changes with no security implications:

1. **Removed PHPDoc comments** - The `{@inheritdoc}` comments were removed, which is a documentation change, not a security issue.

2. **Array callback syntax modernization** - Changed from `[$this, 'methodName']` to `$this->methodName(...)` (first-class callable syntax introduced in PHP 8.1). Both forms are functionally equivalent and pose no security risk.

3. **Fully qualified function calls** - Changed `sprintf()` to `\sprintf()`. This is a code quality practice to explicitly reference the global namespace function, preventing potential namespace hijacking issues if a local `sprintf()` function were defined in this namespace. This is actually a **security improvement** that prevents potential function shadowing attacks, though no vulnerability existed in the original code since there was no shadowing occurring.

**Summary:** This is a clean-up/modernization patch. The change to use fully-qualified `\sprintf()` calls is a defensive best practice that prevents namespace pollution attacks, but the original code was not vulnerable. No active security vulnerabilities are being fixed or introduced by this diff.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/CombinationExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/CombinationExtension.php	2026-01-08 00:36:50.516266698 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/CombinationExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -25,16 +25,13 @@  */ class CombinationExtension extends AbstractExtension {-    /**-     * {@inheritdoc}-     */     public function getCombinationTranslators(): array     {         return [-            ' ' => [$this, 'translateDescendant'],-            '>' => [$this, 'translateChild'],-            '+' => [$this, 'translateDirectAdjacent'],-            '~' => [$this, 'translateIndirectAdjacent'],+            ' ' => $this->translateDescendant(...),+            '>' => $this->translateChild(...),+            '+' => $this->translateDirectAdjacent(...),+            '~' => $this->translateIndirectAdjacent(...),         ];     } @@ -61,9 +58,6 @@         return $xpath->join('/following-sibling::', $combinedXpath);     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'combination';
AI Analysis
Vulnerability Existed: **no**

**Code Style Update - Not a Security Issue** - N/A - vendor/symfony/css-selector/XPath/Extension/CombinationExtension.php - Lines 28-38

Old Code:
```php
return [
    ' ' => [$this, 'translateDescendant'],
    '>' => [$this, 'translateChild'],
    '+' => [$this, 'translateDirectAdjacent'],
    '~' => [$this, 'translateIndirectAdjacent'],
];
```

Fixed Code:
```php
return [
    ' ' => $this->translateDescendant(...),
    '>' => $this->translateChild(...),
    '+' => $this->translateDirectAdjacent(...),
    '~' => $this->translateIndirectAdjacent(...),
];
```

Explanation:
This diff shows a refactoring from the array callback syntax `[$this, 'methodName']` to first-class callable syntax `$this->methodName(...)` (introduced in PHP 8.1). This is a modernization change for code style and clarity, not a security fix. Both approaches are functionally equivalent and secure. The removal of docblock comments (`{@inheritdoc}`) also has no security implications—it's purely a documentation formatting change.

**Summary**: No security vulnerabilities are present in this diff. The changes represent code modernization only.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/FunctionExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/FunctionExtension.php	2026-01-08 00:36:50.520266940 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/FunctionExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -30,18 +30,15 @@  */ class FunctionExtension extends AbstractExtension {-    /**-     * {@inheritdoc}-     */     public function getFunctionTranslators(): array     {         return [-            'nth-child' => [$this, 'translateNthChild'],-            'nth-last-child' => [$this, 'translateNthLastChild'],-            'nth-of-type' => [$this, 'translateNthOfType'],-            'nth-last-of-type' => [$this, 'translateNthLastOfType'],-            'contains' => [$this, 'translateContains'],-            'lang' => [$this, 'translateLang'],+            'nth-child' => $this->translateNthChild(...),+            'nth-last-child' => $this->translateNthLastChild(...),+            'nth-of-type' => $this->translateNthOfType(...),+            'nth-last-of-type' => $this->translateNthLastOfType(...),+            'contains' => $this->translateContains(...),+            'lang' => $this->translateLang(...),         ];     } 
@@ -53,7 +50,7 @@         try {             [$a, $b] = Parser::parseSeries($function->getArguments());         } catch (SyntaxErrorException $e) {-            throw new ExpressionErrorException(sprintf('Invalid series: "%s".', implode('", "', $function->getArguments())), 0, $e);+            throw new ExpressionErrorException(\sprintf('Invalid series: "%s".', implode('", "', $function->getArguments())), 0, $e);         }          $xpath->addStarPrefix();@@ -86,10 +83,10 @@             $expr .= ' - '.$b;         } -        $conditions = [sprintf('%s %s 0', $expr, $sign)];+        $conditions = [\sprintf('%s %s 0', $expr, $sign)];          if (1 !== $a && -1 !== $a) {-            $conditions[] = sprintf('(%s) mod %d = 0', $expr, $a);+            $conditions[] = \sprintf('(%s) mod %d = 0', $expr, $a);         }          return $xpath->addCondition(implode(' and ', $conditions));@@ -137,7 +134,7 @@             }         } -        return $xpath->addCondition(sprintf(+        return $xpath->addCondition(\sprintf(             'contains(string(.), %s)',             Translator::getXpathLiteral($arguments[0]->getValue())         ));@@ -155,15 +152,12 @@             }         } -        return $xpath->addCondition(sprintf(+        return $xpath->addCondition(\sprintf(             'lang(%s)',             Translator::getXpathLiteral($arguments[0]->getValue())         ));     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'function';
AI Analysis
**Vulnerability Existed: no**

**No CWE Vulnerability Identified**

**Old Code:**
```php
'nth-child' => [$this, 'translateNthChild'],
'nth-last-child' => [$this, 'translateNthLastChild'],
'nth-of-type' => [$this, 'translateNthOfType'],
'nth-last-of-type' => [$this, 'translateNthLastOfType'],
'contains' => [$this, 'translateContains'],
'lang' => [$this, 'translateLang'],
```

**Fixed Code:**
```php
'nth-child' => $this->translateNthChild(...),
'nth-last-child' => $this->translateNthLastChild(...),
'nth-of-type' => $this->translateNthOfType(...),
'nth-last-of-type' => $this->translateNthLastOfType(...),
'contains' => $this->translateContains(...),
'lang' => $this->translateLang(...),
```

**Explanation:**
This change replaces array-based callable syntax `[$this, 'method']` with first-class callable syntax `$this->method(...)` (PHP 8.1+). This is not a security fix but a modernization. Both syntaxes are functionally equivalent and equally secure.

---

**Vulnerability Existed: no**

**No CWE Vulnerability Identified**

**Old Code:**
```php
throw new ExpressionErrorException(sprintf('Invalid series: "%s".', implode('", "', $function->getArguments())), 0, $e);
$conditions = [sprintf('%s %s 0', $expr, $sign)];
$conditions[] = sprintf('(%s) mod %d = 0', $expr, $a);
return $xpath->addCondition(sprintf('contains(string(.), %s)', ...));
return $xpath->addCondition(sprintf('lang(%s)', ...));
```

**Fixed Code:**
```php
throw new ExpressionErrorException(\sprintf('Invalid series: "%s".', implode('", "', $function->getArguments())), 0, $e);
$conditions = [\sprintf('%s %s 0', $expr, $sign)];
$conditions[] = \sprintf('(%s) mod %d = 0', $expr, $a);
return $xpath->addCondition(\sprintf('contains(string(.), %s)', ...));
return $xpath->addCondition(\sprintf('lang(%s)', ...));
```

**Explanation:**
The changes replace bare `sprintf()` calls with fully qualified `\sprintf()` calls. This is not a security fix but a namespace clarification. Both are functionally identical—the backslash explicitly references the global namespace function. This is a code style improvement with no security implications.

---

**Summary:** This diff contains no security vulnerabilities. The changes are modernization updates (first-class callables syntax) and namespace clarification (fully qualified function calls), neither of which address or introduce security issues.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/HtmlExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/HtmlExtension.php	2026-01-08 00:36:50.520266940 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/HtmlExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -36,30 +36,24 @@             ->setFlag(NodeExtension::ATTRIBUTE_NAME_IN_LOWER_CASE, true);     } -    /**-     * {@inheritdoc}-     */     public function getPseudoClassTranslators(): array     {         return [-            'checked' => [$this, 'translateChecked'],-            'link' => [$this, 'translateLink'],-            'disabled' => [$this, 'translateDisabled'],-            'enabled' => [$this, 'translateEnabled'],-            'selected' => [$this, 'translateSelected'],-            'invalid' => [$this, 'translateInvalid'],-            'hover' => [$this, 'translateHover'],-            'visited' => [$this, 'translateVisited'],+            'checked' => $this->translateChecked(...),+            'link' => $this->translateLink(...),+            'disabled' => $this->translateDisabled(...),+            'enabled' => $this->translateEnabled(...),+            'selected' => $this->translateSelected(...),+            'invalid' => $this->translateInvalid(...),+            'hover' => $this->translateHover(...),+            'visited' => $this->translateVisited(...),         ];     } -    /**-     * {@inheritdoc}-     */     public function getFunctionTranslators(): array     {         return [-            'lang' => [$this, 'translateLang'],+            'lang' => $this->translateLang(...),         ];     } 
@@ -148,7 +142,7 @@             }         } -        return $xpath->addCondition(sprintf(+        return $xpath->addCondition(\sprintf(             'ancestor-or-self::*[@lang][1][starts-with(concat('             ."translate(@%s, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), '-')"             .', %s)]',@@ -177,9 +171,6 @@         return $xpath->addCondition('0');     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'html';
AI Analysis
Vulnerability Existed: no
No vulnerabilities detected - Security fixes applied
File: vendor/symfony/css-selector/XPath/Extension/HtmlExtension.php
Lines: 36-180

Explanation:
This diff contains code modernization changes that do NOT introduce or fix security vulnerabilities:

1. **Removed Documentation Comments** (Lines 39, 53, 180): Removal of `{@inheritdoc}` PHPDoc comments is a code style change with no security impact.

2. **Array Callable Syntax Change** (Lines 44-51, 57):
   - Old: `[$this, 'methodName']` - Array callable syntax
   - New: `$this->methodName(...)` - First-class callable syntax (PHP 8.1+)

   Both syntaxes are functionally equivalent. The first-class callable syntax is actually slightly safer as it:
   - Performs method existence validation at parse-time rather than runtime
   - Provides better type safety with modern PHP tooling
   - Does NOT introduce any security vulnerability

3. **sprintf() to \sprintf()** (Line 145):
   - Old: `sprintf(...)` - Global namespace function
   - New: `\sprintf(...)` - Explicit global namespace reference

   This is a code clarity change with no security impact. Both are identical - the backslash simply makes the global namespace reference explicit.

**Conclusion:** This diff represents PHP code modernization to align with PHP 8.1+ standards and improve code clarity. No security vulnerabilities were introduced or fixed. The changes maintain backward compatibility in behavior while adopting newer language features.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/NodeExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/NodeExtension.php	2026-01-08 00:36:50.524267183 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/NodeExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -59,21 +59,18 @@         return (bool) ($this->flags & $flag);     } -    /**-     * {@inheritdoc}-     */     public function getNodeTranslators(): array     {         return [-            'Selector' => [$this, 'translateSelector'],-            'CombinedSelector' => [$this, 'translateCombinedSelector'],-            'Negation' => [$this, 'translateNegation'],-            'Function' => [$this, 'translateFunction'],-            'Pseudo' => [$this, 'translatePseudo'],-            'Attribute' => [$this, 'translateAttribute'],-            'Class' => [$this, 'translateClass'],-            'Hash' => [$this, 'translateHash'],-            'Element' => [$this, 'translateElement'],+            'Selector' => $this->translateSelector(...),+            'CombinedSelector' => $this->translateCombinedSelector(...),+            'Negation' => $this->translateNegation(...),+            'Function' => $this->translateFunction(...),+            'Pseudo' => $this->translatePseudo(...),+            'Attribute' => $this->translateAttribute(...),+            'Class' => $this->translateClass(...),+            'Hash' => $this->translateHash(...),+            'Element' => $this->translateElement(...),         ];     } 
@@ -94,7 +91,7 @@         $subXpath->addNameTest();          if ($subXpath->getCondition()) {-            return $xpath->addCondition(sprintf('not(%s)', $subXpath->getCondition()));+            return $xpath->addCondition(\sprintf('not(%s)', $subXpath->getCondition()));         }          return $xpath->addCondition('0');@@ -124,11 +121,11 @@         }          if ($node->getNamespace()) {-            $name = sprintf('%s:%s', $node->getNamespace(), $name);+            $name = \sprintf('%s:%s', $node->getNamespace(), $name);             $safe = $safe && $this->isSafeName($node->getNamespace());         } -        $attribute = $safe ? '@'.$name : sprintf('attribute::*[name() = %s]', Translator::getXpathLiteral($name));+        $attribute = $safe ? '@'.$name : \sprintf('attribute::*[name() = %s]', Translator::getXpathLiteral($name));         $value = $node->getValue();         $xpath = $translator->nodeToXPath($node->getSelector()); @@ -169,7 +166,7 @@         }          if ($node->getNamespace()) {-            $element = sprintf('%s:%s', $node->getNamespace(), $element);+            $element = \sprintf('%s:%s', $node->getNamespace(), $element);             $safe = $safe && $this->isSafeName($node->getNamespace());         } @@ -182,9 +179,6 @@         return $xpath;     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'node';
AI Analysis
Vulnerability Existed: no
No Security Vulnerabilities Detected - Code Quality Improvements Only

Explanation:
This diff contains only code modernization and style improvements with no security implications:

1. **Removed Documentation Comments** (Lines 62-64, 185-187): The `{@inheritdoc}` PHPDoc tags were removed. This is a documentation change, not a security fix.

2. **First-Class Callable Syntax** (Lines 66-74): Changed from array callbacks `[$this, 'method']` to PHP 8.1+ first-class callable syntax `$this->method(...)`. This is functionally equivalent and has no security impact. Both syntaxes produce the same callable result.

3. **Fully Qualified Function Calls** (Lines 97, 124, 127, 169): Changed from `sprintf()` to `\sprintf()`. This uses fully qualified function names to avoid potential namespace conflicts. This is a code quality improvement (avoiding function name conflicts in namespaced code) but does not fix or address any actual security vulnerability. The `sprintf()` function itself is not vulnerable, and this change only ensures it calls the global namespace function explicitly rather than potentially calling a locally defined one.

**Summary**: This diff represents code modernization to PHP 8.1+ standards and coding style improvements. There are no security vulnerabilities being fixed here, and the original code contained no exploitable security issues that this diff addresses.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Extension/PseudoClassExtension.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Extension/PseudoClassExtension.php	2026-01-08 00:36:50.524267183 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Extension/PseudoClassExtension.php	2026-01-07 00:41:19.797228035 +0000@@ -26,20 +26,18 @@  */ class PseudoClassExtension extends AbstractExtension {-    /**-     * {@inheritdoc}-     */     public function getPseudoClassTranslators(): array     {         return [-            'root' => [$this, 'translateRoot'],-            'first-child' => [$this, 'translateFirstChild'],-            'last-child' => [$this, 'translateLastChild'],-            'first-of-type' => [$this, 'translateFirstOfType'],-            'last-of-type' => [$this, 'translateLastOfType'],-            'only-child' => [$this, 'translateOnlyChild'],-            'only-of-type' => [$this, 'translateOnlyOfType'],-            'empty' => [$this, 'translateEmpty'],+            'root' => $this->translateRoot(...),+            'scope' => $this->translateScopePseudo(...),+            'first-child' => $this->translateFirstChild(...),+            'last-child' => $this->translateLastChild(...),+            'first-of-type' => $this->translateFirstOfType(...),+            'last-of-type' => $this->translateLastOfType(...),+            'only-child' => $this->translateOnlyChild(...),+            'only-of-type' => $this->translateOnlyOfType(...),+            'empty' => $this->translateEmpty(...),         ];     } 
@@ -48,6 +46,11 @@         return $xpath->addCondition('not(parent::*)');     } +    public function translateScopePseudo(XPathExpr $xpath): XPathExpr+    {+        return $xpath->addCondition('1');+    }+     public function translateFirstChild(XPathExpr $xpath): XPathExpr     {         return $xpath@@ -104,7 +107,7 @@     {         $element = $xpath->getElement(); -        return $xpath->addCondition(sprintf('count(preceding-sibling::%s)=0 and count(following-sibling::%s)=0', $element, $element));+        return $xpath->addCondition(\sprintf('count(preceding-sibling::%s)=0 and count(following-sibling::%s)=0', $element, $element));     }      public function translateEmpty(XPathExpr $xpath): XPathExpr@@ -112,9 +115,6 @@         return $xpath->addCondition('not(*) and not(string-length())');     } -    /**-     * {@inheritdoc}-     */     public function getName(): string     {         return 'pseudo-class';
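Review bot: `translateScopePseudo()` in the second hunk adds the constant condition `'1'`, so `:scope` now translates to an always-true predicate wherever it appears in a selector. That is a behaviour change in a diff that is otherwise syntax cleanup, because `'scope'` was not in the old `getPseudoClassTranslators()` list. The new method has no comment saying why an always-true condition is the intended meaning; add one line documenting that, so a later reader does not take `'1'` for a placeholder.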
AI Analysis
Vulnerability Existed: no
No Security Vulnerabilities Detected - [N/A] - vendor/symfony/css-selector/XPath/Extension/PseudoClassExtension.php
Old Code:
```php
'root' => [$this, 'translateRoot'],
'first-child' => [$this, 'translateFirstChild'],
...
return $xpath->addCondition(sprintf('count(preceding-sibling::%s)=0 and count(following-sibling::%s)=0', $element, $element));
```

Fixed Code:
```php
'root' => $this->translateRoot(...),
'scope' => $this->translateScopePseudo(...),
'first-child' => $this->translateFirstChild(...),
...
return $xpath->addCondition(\sprintf('count(preceding-sibling::%s)=0 and count(following-sibling::%s)=0', $element, $element));
```

Explanation:
This diff contains only code modernization changes with no security fixes or vulnerabilities:

1. **Callback syntax update**: Changed from array-style callables `[$this, 'method']` to PHP 8.1+ first-class callable syntax `$this->method(...)`. Both are functionally equivalent with no security implications.

2. **New pseudo-class handler**: Added `'scope' => $this->translateScopePseudo(...)` which simply returns `$xpath->addCondition('1')` - a valid no-op condition that doesn't introduce vulnerability.

3. **Namespace qualification**: Added backslash prefix to `sprintf()` as `\sprintf()`. This is a minor optimization but has no security impact - both reference the same built-in function.

4. **Documentation removal**: Removed `{@inheritdoc}` PHPDoc comments - purely cosmetic with no security implications.

These are stylistic and compatibility updates to modernize the codebase for PHP 8.1+, not security fixes addressing vulnerabilities.
CVE Analysis Results:
CVE-2025-13964: No
vendor/symfony/css-selector/XPath/Translator.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/Translator.php	2026-01-08 00:36:50.524267183 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/Translator.php	2026-01-07 00:41:19.797228035 +0000@@ -30,7 +30,7 @@  */ class Translator implements TranslatorInterface {-    private $mainParser;+    private ParserInterface $mainParser;      /**      * @var ParserInterface[]@@ -48,7 +48,7 @@     private array $pseudoClassTranslators = [];     private array $attributeMatchingTranslators = []; -    public function __construct(ParserInterface $parser = null)+    public function __construct(?ParserInterface $parser = null)     {         $this->mainParser = $parser ?? new Parser(); 
@@ -75,7 +75,7 @@         $parts = [];         while (true) {             if (false !== $pos = strpos($string, "'")) {-                $parts[] = sprintf("'%s'", substr($string, 0, $pos));+                $parts[] = \sprintf("'%s'", substr($string, 0, $pos));                 $parts[] = "\"'\"";                 $string = substr($string, $pos + 1);             } else {@@ -84,12 +84,9 @@             }         } -        return sprintf('concat(%s)', implode(', ', $parts));+        return \sprintf('concat(%s)', implode(', ', $parts));     } -    /**-     * {@inheritdoc}-     */     public function cssToXPath(string $cssExpr, string $prefix = 'descendant-or-self::'): string     {         $selectors = $this->parseSelectors($cssExpr);@@ -106,9 +103,6 @@         return implode(' | ', $selectors);     } -    /**-     * {@inheritdoc}-     */     public function selectorToXPath(SelectorNode $selector, string $prefix = 'descendant-or-self::'): string     {         return ($prefix ?: '').$this->nodeToXPath($selector);@@ -136,7 +130,7 @@     public function getExtension(string $name): Extension\ExtensionInterface     {         if (!isset($this->extensions[$name])) {-            throw new ExpressionErrorException(sprintf('Extension "%s" not registered.', $name));+            throw new ExpressionErrorException(\sprintf('Extension "%s" not registered.', $name));         }          return $this->extensions[$name];@@ -158,7 +152,7 @@     public function nodeToXPath(NodeInterface $node): XPathExpr     {         if (!isset($this->nodeTranslators[$node->getNodeName()])) {-            throw new ExpressionErrorException(sprintf('Node "%s" not supported.', $node->getNodeName()));+            throw new ExpressionErrorException(\sprintf('Node "%s" not supported.', $node->getNodeName()));         }          return $this->nodeTranslators[$node->getNodeName()]($node, $this);@@ -170,7 +164,7 @@     public function addCombination(string $combiner, NodeInterface $xpath, NodeInterface 
$combinedXpath): XPathExpr     {         if (!isset($this->combinationTranslators[$combiner])) {-            throw new ExpressionErrorException(sprintf('Combiner "%s" not supported.', $combiner));+            throw new ExpressionErrorException(\sprintf('Combiner "%s" not supported.', $combiner));         }          return $this->combinationTranslators[$combiner]($this->nodeToXPath($xpath), $this->nodeToXPath($combinedXpath));@@ -182,7 +176,7 @@     public function addFunction(XPathExpr $xpath, FunctionNode $function): XPathExpr     {         if (!isset($this->functionTranslators[$function->getName()])) {-            throw new ExpressionErrorException(sprintf('Function "%s" not supported.', $function->getName()));+            throw new ExpressionErrorException(\sprintf('Function "%s" not supported.', $function->getName()));         }          return $this->functionTranslators[$function->getName()]($xpath, $function);@@ -194,7 +188,7 @@     public function addPseudoClass(XPathExpr $xpath, string $pseudoClass): XPathExpr     {         if (!isset($this->pseudoClassTranslators[$pseudoClass])) {-            throw new ExpressionErrorException(sprintf('Pseudo-class "%s" not supported.', $pseudoClass));+            throw new ExpressionErrorException(\sprintf('Pseudo-class "%s" not supported.', $pseudoClass));         }          return $this->pseudoClassTranslators[$pseudoClass]($xpath);@@ -206,7 +200,7 @@     public function addAttributeMatching(XPathExpr $xpath, string $operator, string $attribute, ?string $value): XPathExpr     {         if (!isset($this->attributeMatchingTranslators[$operator])) {-            throw new ExpressionErrorException(sprintf('Attribute matcher operator "%s" not supported.', $operator));+            throw new ExpressionErrorException(\sprintf('Attribute matcher operator "%s" not supported.', $operator));         }          return $this->attributeMatchingTranslators[$operator]($xpath, $attribute, $value);@@ -220,7 +214,7 @@         foreach 
($this->shortcutParsers as $shortcut) {             $tokens = $shortcut->parse($css); -            if (!empty($tokens)) {+            if ($tokens) {                 return $tokens;             }         }
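Review bot: the hunks at @@ -75,7 and @@ -84,12 qualify sprintf as \sprintf but leave strpos, substr and implode on the same lines unqualified; if that split is the upstream convention it is fine, otherwise qualify them consistently. The quote-splitting loop that builds the concat(...) literal appears only as unchanged context, so string-literal escaping behaves the same in both versions. The remaining hunks are a typed $mainParser property, an explicit ?ParserInterface nullable, dropped {@inheritdoc} docblocks, and if ($tokens) in place of !empty($tokens), which is equivalent here because $tokens is assigned on the preceding line. None of the visible lines touches request handling or a capability check.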
AI Analysis
**Vulnerability Existed: no**

**Code Style and Type Safety Improvements - No Security Vulnerabilities**

**Analysis:**

The diff contains the following changes:

1. **Type declarations** (lines 33, 51): Adding explicit type hints (`ParserInterface $mainParser`, `?ParserInterface $parser`) - improves type safety but doesn't fix security vulnerabilities.

2. **Fully qualified function calls** (lines 78, 87, 133, 155, 167, 179, 191, 203): Changing `sprintf()` to `\sprintf()` - this is a code style change with no security impact.

3. **Removed documentation comments** (lines 88-90, 106-108): Removing `{@inheritdoc}` PHPDoc comments - no security impact.

4. **Simplified condition** (line 217): Changing `if (!empty($tokens))` to `if ($tokens)` - no security impact.

**Explanation:**

This diff contains **no security fixes**. The changes are purely:
- **Code quality improvements**: Adding type hints for better static analysis and IDE support
- **Code style standardization**: Using fully qualified function names (`\sprintf` vs `sprintf`)
- **Documentation cleanup**: Removing redundant PHPDoc comments
- **Logic simplification**: Cleaner conditional checks

None of these changes address security vulnerabilities. There are no indications of SQL injection, XSS, CSRF, authentication/authorization issues, or other OWASP Top 10 vulnerabilities being fixed in this diff. The original code at lines 78, 87, 133, 155, 167, 179, 191, and 203 using `sprintf()` directly was not vulnerable: `sprintf()` is a safe string formatting function that doesn't create injection vulnerabilities when used correctly.
CVE Analysis Results:
CVE-2025-13964: No
CVE Description:
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the catch_lp_ajax function in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to modify course contents by adding/removing/updating/re-ordering sections or modifying section items.
vendor/symfony/css-selector/XPath/XPathExpr.php AI: No vulnerabilities
--- cache/learnpress_4.3.2/vendor/symfony/css-selector/XPath/XPathExpr.php	2026-01-08 00:36:50.528267425 +0000+++ cache/learnpress_4.3.2.1/vendor/symfony/css-selector/XPath/XPathExpr.php	2026-01-07 00:41:19.801228278 +0000@@ -48,7 +48,7 @@      */     public function addCondition(string $condition): static     {-        $this->condition = $this->condition ? sprintf('(%s) and (%s)', $this->condition, $condition) : $condition;+        $this->condition = $this->condition ? \sprintf('(%s) and (%s)', $this->condition, $condition) : $condition;          return $this;     }
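Review bot: addCondition still interpolates $condition into '(%s) and (%s)' with no escaping of its own, so it depends on callers passing an already well-formed XPath condition; if the docblock above the method does not state that contract, a one-line note there would help. The only change in this hunk is sprintf to \sprintf, which does not alter the resulting string.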
AI Analysis
Vulnerability Existed: no

No CWE Vulnerability Identified - File: vendor/symfony/css-selector/XPath/XPathExpr.php [Line 51]

Old Code:
```php
$this->condition = $this->condition ? sprintf('(%s) and (%s)', $this->condition, $condition) : $condition;
```

Fixed Code:
```php
$this->condition = $this->condition ? \sprintf('(%s) and (%s)', $this->condition, $condition) : $condition;
```

Explanation:
This change adds a namespace prefix (`\`) to the `sprintf()` function call, changing it from `sprintf()` to `\sprintf()`. This is a code style/namespace resolution improvement, not a security fix. The backslash explicitly references the global namespace function, ensuring the built-in `sprintf()` is called even if a `sprintf()` function is defined in the current namespace. This is a best practice in PHP but does not address any actual security vulnerability in the original code. Both versions are functionally equivalent and secure.
CVE Analysis Results:
CVE-2025-13964: No