An unauthenticated SQL Injection vulnerability is found in LearnPress WordPress Plugin versions up to 4.2.7. This flaw exists in the c_only_fields parameter of the LearnPress API endpoint, allowing attackers to execute malicious SQL commands through API requests without authentication. Successful exploitation could result in unauthorized database access, potential exposure of sensitive data, or even granting administrative control through database manipulation.