PT-2026-3572 · WordPress · Wordpress+1

Sarawut Poolkhet · Published 2026-01-20 · Updated 2026-01-20 · CVE-2025-15347

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress versions up to and including 1.1.12

Description

The Creator LMS plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. An attacker with contributor-level access or higher can update arbitrary WordPress options due to a missing capability check within the get_items_permissions_check function.

Recommendations

Update to version 1.1.13 or later.

Fix

LPE

Missing Authorization


Weakness Enumeration

Related identifiers

CVE-2025-15347

Affected products

Creator LMS
WordPress