Platform
wordpress
Component
lizza-lms-pro
Fixed in
1.0.4
CVE-2025-13563 describes a critical Privilege Escalation vulnerability affecting Lizza LMS Pro, a WordPress plugin. This flaw allows unauthenticated attackers to bypass role restrictions during user registration, potentially granting them administrator privileges. The vulnerability impacts versions 1.0.0 through 1.0.3, and a patch is available in version 1.0.4.
The impact of this vulnerability is severe. An attacker exploiting CVE-2025-13563 can gain complete control over a WordPress site running an affected version of Lizza LMS Pro. This includes the ability to modify content, install malicious plugins, steal sensitive data, and potentially pivot to other systems on the network. The ease of exploitation, which requires only a registration request, significantly increases the risk. This vulnerability shares similarities with other WordPress privilege escalation flaws in which improper role assignment during registration is exploited, potentially leading to widespread compromise.
CVE-2025-13563 was publicly disclosed on 2026-02-19. The vulnerability's high CVSS score and ease of exploitation suggest a medium probability of exploitation. No public proof-of-concept (PoC) code had been released at the time of writing, but the simplicity of the attack vector makes it likely that PoCs will emerge. Monitor security advisories and vulnerability databases for updates.
Exploit status
EPSS
0.10% (28th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13563 is to immediately upgrade Lizza LMS Pro to version 1.0.4 or later. If upgrading is not immediately feasible, consider temporarily disabling user registration through the WordPress admin panel to prevent new administrator accounts from being created. While not a complete solution, a Web Application Firewall (WAF) rule that blocks registration requests specifying the 'administrator' role can provide a temporary layer of protection. Regularly review user accounts and permissions for any suspicious activity.
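As an added illustration of the interim workaround described above (this code is not part of the advisory or of Lizza LMS Pro), the following must-use plugin demotes any account that ends up with a privileged role at registration time unless a user who may promote others is performing the action, and logs the event for review. It assumes nothing about the plugin's internal registration parameters, which this page does not name, and the role list and log prefix are the author's own choices.

```php
<?php
/**
 * Plugin Name: Registration Role Guard (illustrative example, not part of Lizza LMS Pro)
 * Description: Demotes newly registered users that unexpectedly hold a privileged
 *              role and logs the event. Drop into wp-content/mu-plugins/.
 */

// Roles that must never be granted through a self-service registration flow.
// Assumption: these are the privileged roles on this site; adjust as needed.
const RRG_PRIVILEGED_ROLES = array( 'administrator', 'editor' );

/**
 * Runs after a user row has been created. Unauthenticated registration
 * fires this hook with no logged-in user, so any privileged role seen here
 * was not assigned by an administrator.
 */
function rrg_guard_new_user_role( $user_id ) {
	// Legitimate paths: a user who may promote others, or WP-CLI administration.
	if ( current_user_can( 'promote_users' ) || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
		return;
	}

	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return;
	}

	$privileged = array_intersect( $user->roles, RRG_PRIVILEGED_ROLES );
	if ( empty( $privileged ) ) {
		return;
	}

	// Reset to the site's configured default role (normally "subscriber").
	$default_role = get_option( 'default_role', 'subscriber' );
	$user->set_role( $default_role );

	// Record enough context for incident review without logging credentials.
	error_log( sprintf(
		'[rrg] demoted user %d (%s) from %s to %s during registration from %s',
		$user_id,
		$user->user_login,
		implode( ',', $privileged ),
		$default_role,
		isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
	) );
}
// Late priority so it runs after other callbacks on user_register; a plugin that
// assigns the role in a separate call after this hook fires would not be caught.
add_action( 'user_register', 'rrg_guard_new_user_role', PHP_INT_MAX );
```

The guard is a stopgap only: it catches roles set during user creation, so the update to 1.0.4 remains the actual remediation, and the `[rrg]` log lines are worth feeding into whatever alerting already watches the PHP error log.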
Update to version 1.0.4 or a newer patched version
CVE-2025-13563 is a critical vulnerability in the Lizza LMS Pro WordPress plugin that allows unauthenticated attackers to gain administrator access by exploiting a flaw in user registration. It impacts versions 1.0.0 through 1.0.3.
You are affected if your WordPress site uses Lizza LMS Pro version 1.0.0, 1.0.1, 1.0.2, or 1.0.3. Check your plugin version immediately to determine your risk level.
Upgrade Lizza LMS Pro to version 1.0.4 or later to resolve the vulnerability. If immediate upgrade is not possible, implement temporary workarounds like WAF rules to block suspicious registration attempts.
While no active exploitation has been confirmed, the vulnerability's ease of exploitation suggests a high likelihood of exploitation. Monitor security advisories and threat intelligence feeds.
Refer to the official Lizza LMS Pro website or the WordPress plugin repository for the latest security advisory and update information regarding CVE-2025-13563.