PT-2025-42236 · Lisfinity

Alyudin Nafiie · Published 2025-10-15 · Updated 2025-10-15 · CVE-2025-6042

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Lisfinity Core plugin versions prior to 1.4.1

Description: The Lisfinity Core plugin for the pebas® Lisfinity WordPress theme is susceptible to privilege escalation. This is a result of the plugin assigning the editor role by default without restricting API usage. This issue can be combined with another to gain administrator privileges.

Recommendations: Update the Lisfinity Core plugin to version 1.4.1 or later.

Fix

LPE

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2025-6042

Affected Products: Lisfinity, Lisfinity Core