CVE-2025-13559

Name of the Vulnerable Software and Affected Versions EduKart Pro plugin for WordPress versions up to and including 1.0.3

Description The EduKart Pro plugin for WordPress is susceptible to a privilege escalation issue. The edukart pro register user front end function does not adequately restrict the user roles that can be assigned during registration. This allows unauthenticated attackers to register with the 'administrator' role, gaining unauthorized administrative access to the WordPress site.

Recommendations Versions prior to 1.0.4 should be updated. As a temporary workaround, consider disabling the edukart pro register user front end function until a patch is available. Monitor user roles for any unauthorized administrator accounts.