A vulnerability described as critical has been identified in ThimPress LearnPress Plugin up to 4.1.4 on WordPress. Affected is an unknown function. Such manipulation of the argument import-user-file leads to path traversal. This vulnerability is listed as CVE-2026-7565 . The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.