A vulnerability classified as problematic was found in ThimPress LearnPress Plugin up to 4.3.6 on WordPress. Affected by this issue is some unknown functionality of the file /wp-json/lp/v1/courses/archive-course . Executing a manipulation of the argument return_type can lead to missing authorization. This vulnerability is registered as CVE-2026-8502 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.