Academy LMS Pro <= 3.3.7 - Unauthenticated Privilege Escalation via Social Login Addon
Platform
wordpress
Component
academy-lms-pro
Fixed in
3.3.8
CVE-2025-11086 describes a privilege escalation vulnerability within the Academy LMS Pro WordPress plugin, a tool designed for creating and managing eLearning solutions. This flaw allows unauthenticated attackers to gain administrative access to a WordPress site by exploiting improper role validation during user registration through the Social Login addon. The vulnerability impacts versions 0.0.0 through 3.3.7, and a patch is expected from the vendor.
Impact and Attack Scenarios
The primary impact of CVE-2025-11086 is the potential for complete site takeover. An attacker exploiting this vulnerability can register an account and immediately elevate their role to Administrator. This grants them full control over the WordPress site, including the ability to modify content, install malicious plugins, access sensitive data, and potentially compromise other connected systems. The ease of exploitation, requiring only a successful registration, significantly increases the risk. This vulnerability shares similarities with other privilege escalation flaws where inadequate role-based access controls are implemented.
Exploitation Context
CVE-2025-11086 was publicly disclosed on 2025-10-22. The EPSS score is likely to be medium, given the ease of exploitation and the potential for significant impact. Public proof-of-concept (POC) code is anticipated to be released shortly, increasing the likelihood of exploitation. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Who Is at Risk
WordPress sites utilizing the Academy LMS Pro plugin, particularly those relying on the Social Login addon for user registration, are at risk. Shared hosting environments where multiple WordPress installations share resources are especially vulnerable, as a compromise of one site could potentially lead to lateral movement to others. Sites with outdated plugin versions are also at increased risk.
Detection Steps
• wordpress / composer / npm:
grep -r 'wp_set_current_user' /var/www/html/wp-content/plugins/academy-lms-pro/
• wordpress / composer / npm:
wp plugin list --status=active | grep academy-lms-pro
• wordpress / composer / npm:
curl -I https://your-wordpress-site.com/wp-login.php | grep -i 'role=administrator'
Attack Timeline
- Disclosure
Threat Intelligence
Exploit Status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
What do these metrics mean?
- Attack Vector
- Network: remotely exploitable over the internet. No physical or local access required.
- Attack Complexity
- High: requires a race condition, a non-default configuration or specific circumstances.
- Privileges Required
- None: no authentication required to exploit.
- User Interaction
- None: automatic and silent attack. The victim does nothing.
- Scope
- Unchanged: impact limited to the vulnerable component.
- Confidentiality
- High: complete loss of confidentiality. The attacker can read all data.
- Integrity
- High: the attacker can write, modify or delete all data.
- Availability
- High: complete crash or resource exhaustion. Total denial of service.
Affected Software
Weakness Classification (CWE)
Timeline
- Reserved
- Published
- Modified
- EPSS updated
Mitigation and Workarounds
The primary mitigation for CVE-2025-11086 is to upgrade the Academy LMS Pro plugin to a version containing the security fix. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider temporarily disabling the Social Login addon to prevent new account registrations from being exploited. Web Application Firewall (WAF) rules can be implemented to block suspicious registration attempts, specifically looking for requests that attempt to set the user role to 'administrator' during registration. Monitor WordPress user accounts for unexpected administrator accounts created around the time of the vulnerability's disclosure.
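The detection steps above and the advice to watch for unexpected administrator accounts created around the disclosure date can be turned into a repeatable check. This is an added example, not code from the advisory or from the Academy LMS Pro project: it filters the CSV that WP-CLI's `wp user list` prints for administrator accounts registered on or after a cut-off date (the 2025-10-22 disclosure date by default), using a constructed sample in place of a live site.

```shell
#!/bin/sh
# Added example (not from the advisory or the Academy LMS Pro project).
# Flags administrator accounts registered on or after a cut-off date, e.g.
# the CVE-2025-11086 disclosure date, as candidates for manual review.
# Input is the CSV produced by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv

CUTOFF="2025-10-22"

# Constructed sample output standing in for the real WP-CLI call.
SAMPLE_CSV='ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-04 09:12:33
57,jdoe,jdoe@example.com,2025-10-23 14:05:10
58,mallory,m@example.invalid,2025-10-24 02:41:57'

# suspicious_admins <cutoff>: reads the CSV on stdin and prints each
# administrator registered on or after <cutoff> as "ID login email registered".
suspicious_admins() {
    cutoff="$1"
    awk -F',' -v cutoff="$cutoff" '
        NR == 1 { next }                                  # skip the CSV header
        substr($4, 1, 10) >= cutoff { print $1, $2, $3, $4 } # YYYY-MM-DD compares lexically
    '
}

# count_suspicious_admins <cutoff>: same filter, but returns only the count.
count_suspicious_admins() {
    suspicious_admins "$1" | wc -l | tr -d ' '
}

# On a real site, run from the WordPress root:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv \
#       | suspicious_admins "$CUTOFF"
printf '%s\n' "$SAMPLE_CSV" | suspicious_admins "$CUTOFF"
```

Every account the check prints should be verified against your change records; a privileged account nobody can account for is the signal the advisory tells you to look for.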
How to Fix
Update the Academy LMS Pro plugin to a fixed version (3.3.8 or later) to mitigate the privilege escalation vulnerability. Take a full backup of your website before updating the plugin.
Frequently Asked Questions
What is CVE-2025-11086 — Privilege Escalation in Academy LMS Pro?
CVE-2025-11086 is a vulnerability allowing unauthenticated attackers to gain administrator privileges in Academy LMS Pro WordPress plugin versions 0.0.0–3.3.7 through improper role validation during user registration.
Am I affected by CVE-2025-11086 in Academy LMS Pro?
If you are using Academy LMS Pro version 0.0.0 through 3.3.7 and have the Social Login addon enabled, you are potentially affected by this vulnerability.
How do I fix CVE-2025-11086 in Academy LMS Pro?
Upgrade the Academy LMS Pro plugin to a patched version. If upgrading is not immediately possible, disable the Social Login addon as a temporary workaround.
Is CVE-2025-11086 being actively exploited?
While active exploitation is not yet confirmed, the vulnerability's ease of exploitation suggests it is likely to be targeted soon after public disclosure.
Where can I find the official Academy LMS Pro advisory for CVE-2025-11086?
Refer to the Academy LMS Pro website and WordPress plugin repository for official advisories and updates regarding CVE-2025-11086.