PT-2025-45401 · WordPress · Lc Wizard

Kenneth Dunn · Published 2025-11-07 · Updated 2025-11-12 · CVE-2025-5483

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

LC Wizard plugin for WordPress versions 1.2.10 through 1.3.0

Description

The LC Wizard plugin for WordPress has a flaw that allows lower-privileged users to escalate to administrator rights. This is due to a missing capability check in the ghl-wizard/inc/wp_user.php file. Unauthenticated attackers can exploit this to create new user accounts with administrator privileges when the PRO functionality is enabled.

Recommendations

Versions 1.2.10 through 1.3.0 should be updated to a newer version that addresses this issue. As a temporary workaround, consider disabling the PRO functionality until a patch is available.

Fix

LPE

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-5483

Affected Products

Lc Wizard