Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon
Plattform
wordpress
Komponente
academy-lms-pro
Behoben in
3.3.8
CVE-2025-11086 describes a privilege escalation vulnerability within the Academy LMS Pro WordPress plugin, a tool designed for creating and managing eLearning solutions. This flaw allows unauthenticated attackers to gain administrative access to a WordPress site by exploiting improper role validation during user registration through the Social Login addon. The vulnerability impacts versions 0.0.0 through 3.3.7, and a patch is expected from the vendor.
Erkenne diese CVE in deinem Projekt
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.
Auswirkungen und Angriffsszenarienwird übersetzt…
The primary impact of CVE-2025-11086 is the potential for complete site takeover. An attacker exploiting this vulnerability can register an account and immediately elevate their role to Administrator. This grants them full control over the WordPress site, including the ability to modify content, install malicious plugins, access sensitive data, and potentially compromise other connected systems. The ease of exploitation, requiring only a successful registration, significantly increases the risk. This vulnerability shares similarities with other privilege escalation flaws where inadequate role-based access controls are implemented.
Ausnutzungskontextwird übersetzt…
CVE-2025-11086 was publicly disclosed on 2025-10-22. The EPSS score is likely to be medium, given the ease of exploitation and the potential for significant impact. Public proof-of-concept (POC) code is anticipated to be released shortly, increasing the likelihood of exploitation. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Wer Ist Gefährdetwird übersetzt…
WordPress sites utilizing the Academy LMS Pro plugin, particularly those relying on the Social Login addon for user registration, are at risk. Shared hosting environments where multiple WordPress installations share resources are especially vulnerable, as a compromise of one site could potentially lead to lateral movement to others. Sites with outdated plugin versions are also at increased risk.
Erkennungsschrittewird übersetzt…
• wordpress / composer / npm:
grep -r 'wp_set_current_user' /var/www/html/wp-content/plugins/academy-lms-pro/• wordpress / composer / npm:
wp plugin list --status=active | grep academy-lms-pro• wordpress / composer / npm:
curl -I https://your-wordpress-site.com/wp-login.php | grep -i 'role=administrator'Angriffszeitlinie
- Disclosure
disclosure
Bedrohungsanalyse
Exploit-Status
EPSS
0.08% (24% Perzentil)
CISA SSVC
CVSS-Vektor
Was bedeuten diese Metriken?
- Attack Vector
- Netzwerk — aus der Ferne über das Internet ausnutzbar. Kein physischer oder lokaler Zugriff erforderlich.
- Attack Complexity
- Hoch — erfordert eine Race-Condition, Nicht-Standard-Konfiguration oder spezifische Umstände.
- Privileges Required
- Keine — ohne Authentifizierung ausnutzbar. Keine Zugangsdaten erforderlich.
- User Interaction
- Keine — automatischer und lautloser Angriff. Das Opfer tut nichts.
- Scope
- Unverändert — Auswirkung auf das anfällige Komponente beschränkt.
- Confidentiality
- Hoch — vollständiger Vertraulichkeitsverlust. Angreifer kann alle Daten lesen.
- Integrity
- Hoch — Angreifer kann beliebige Daten schreiben, ändern oder löschen.
- Availability
- Hoch — vollständiger Absturz oder Ressourcenerschöpfung. Totaler Denial of Service.
Betroffene Software
Schwachstellen-Klassifikation (CWE)
Zeitleiste
- Reserviert
- Veröffentlicht
- Geändert
- EPSS aktualisiert
Mitigation und Workaroundswird übersetzt…
The primary mitigation for CVE-2025-11086 is to upgrade the Academy LMS Pro plugin to a version containing the security fix. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider temporarily disabling the Social Login addon to prevent new account registrations from being exploited. Web Application Firewall (WAF) rules can be implemented to block suspicious registration attempts, specifically looking for requests that attempt to set the user role to 'administrator' during registration. Monitor WordPress user accounts for unexpected administrator accounts created around the time of the vulnerability's disclosure.
So behebenwird übersetzt…
Actualice el plugin Academy LMS Pro a una versión corregida (3.3.8 o superior) para mitigar la vulnerabilidad de escalada de privilegios. Asegúrese de realizar una copia de seguridad completa de su sitio web antes de actualizar el plugin.
CVE-Sicherheitsnewsletter
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
Häufig gestellte Fragenwird übersetzt…
What is CVE-2025-11086 — Privilege Escalation in Academy LMS Pro?
CVE-2025-11086 is a vulnerability allowing unauthenticated attackers to gain administrator privileges in Academy LMS Pro WordPress plugins versions 0.0.0–3.3.7 through improper role validation during user registration.
Am I affected by CVE-2025-11086 in Academy LMS Pro?
If you are using Academy LMS Pro version 0.0.0 through 3.3.7 and have the Social Login addon enabled, you are potentially affected by this vulnerability.
How do I fix CVE-2025-11086 in Academy LMS Pro?
Upgrade the Academy LMS Pro plugin to a patched version. If upgrading is not immediately possible, disable the Social Login addon as a temporary workaround.
Is CVE-2025-11086 being actively exploited?
While active exploitation is not yet confirmed, the vulnerability's ease of exploitation suggests it is likely to be targeted soon after public disclosure.
Where can I find the official Academy LMS Pro advisory for CVE-2025-11086?
Refer to the Academy LMS Pro website and WordPress plugin repository for official advisories and updates regarding CVE-2025-11086.
Ist dein Projekt betroffen?
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.