CVE-2026-25002

Name: Websites susceptible to CVE-2026-25002
Creator: WebTechSurvey

CVE-2026-25002

WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpress-sepay-payment allows Authentication Abuse.This issue affects LearnPress – Sepay Payment: from n/a through <= 4.0.0.

We have discovered 1,006 live websites that are affected by CVE-2026-25002.

Run a Free Instant Scan

Affected Software


Product	LearnPress
Category	Learning Management System
Vulnerable Domains	1,006 live websites (10% of LearnPress install base)
Vulnerable Versions	from 0 through 4
Vulnerable Versions Count	49 versions ( 31% of all versions)

Available Reports

Website List

Details

Published - Mar 25, 2026
Updated - Apr 29, 2026

Credits

Arif Shaikh | Patchstack Bug Bounty Program (finder)

CVE References

Website Distribution by Country

Number of websites using CVE-2026-25002

United States	210 websites

Spain	65 websites
Italy	58 websites
Russia	57 websites
Germany	53 websites
India	49 websites
France	42 websites
Brazil	35 websites
Poland	32 websites
GB	31 websites

Website Distribution by TLD

Number of websites using CVE-2026-25002

.com	394 websites
.org	51 websites
.ru	42 websites
.it	35 websites
.com.br	29 websites
.es	23 websites
.pl	21 websites
.eu	20 websites
.de	18 websites
.net	17 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2026-25002

Top websites that are affected by CVE-2026-25002. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
********************.fr	France	*,*
*******.com	United States	*,*
************.com	France	*,*
******.**.cz	Czech Republic	,,*
***************.it	Italy	,,*
***************.it	Italy	,,*
********.******.ro	Romania	,,*
***************.com	Belgium	,,*
****.es	United States	,,*
*.*.ng	Nigeria	,,*