{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13559", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-22T16:45:36.723Z", "datePublished": "2025-11-25T04:38:01.073Z", "dateUpdated": "2026-04-08T17:25:38.986Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:38.986Z"}, "affected": [{"vendor": "venusweb", "product": "EduKart Pro", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "title": "EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a5be68-8073-48b0-a536-bb3a05e83dda?source=cve"}, {"url": "https://themeforest.net/item/edit-edukart-online-courses-education-lms-theme/52094805"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "timeline": [{"time": "2025-11-24T15:49:25.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-25T16:59:33.440350Z", "id": "CVE-2025-13559", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-25T16:59:40.999Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13559", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-25T16:59:33.440350Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-25T16:59:38.156Z"}}], "cna": {"title": "EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "venusweb", "product": "EduKart Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-24T15:49:25.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a5be68-8073-48b0-a536-bb3a05e83dda?source=cve"}, {"url": "https://themeforest.net/item/edit-edukart-online-courses-education-lms-theme/52094805"}], "descriptions": [{"lang": "en", "value": "The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:38.986Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13559", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:25:38.986Z", "dateReserved": "2025-11-22T16:45:36.723Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-11-25T04:38:01.073Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "id": "CVE-2025-13559", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-11-25T05:16:10.967", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/edit-edukart-online-courses-education-lms-theme/52094805"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a5be68-8073-48b0-a536-bb3a05e83dda?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T01:21:33.736477+00:00", "value": {"mitigation_remediation": ["Update EduKart Pro to the newest version that includes a role\u2011restriction fix.", "If an update is unavailable, disable the \"edukart_pro_register_user_front_end\" endpoint or remove the plugin altogether to prevent unauthenticated role assignment.", "Reconfigure the WordPress registration process to force the default role to \"subscriber\" or another lower\u2011privilege role, and audit existing accounts for unintended administrator roles."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation to administrator role"}, "threat_synthesis": {"affected_systems": "All installations of the EduKart Pro WordPress theme or plugin from the vendor VenusWeb that are running version 1.0.3 or earlier are affected. The vulnerability is not limited to a specific operating system or hosting environment; any WordPress site that has this plugin enabled and allows user registration is at risk.", "description_and_impact": "The vulnerability lies in the fact that the EduKart Pro plugin for WordPress allows users to specify any role during the front\u2011end registration process. An unauthenticated attacker can submit the role \"administrator\" in a registration request and, because the 'edukart_pro_register_user_front_end' function does not check for administrative privileges, the site will create an account with full administrative rights. This gives the attacker full control of the WordPress installation, including the ability to modify content, install additional plugins, or compromise the site's data integrity and confidentiality. The weakness is a classic example of insufficient privilege management (CWE\u2011269).", "risk_and_exploitability": "The CVSS score of 9.8 indicates a critical severity. The EPSS score of less than 1% shows that at the time of this assessment the probability of exploitation is currently low, and the vulnerability is not yet listed in the CISA KEV catalog. However, because the exploit requires no authentication and involves only a simple form submission, a motivated attacker can easily craft a request to register with the administrator role. If the site relies on recruitment for new users, an attacker could enumerate valid endpoints, submit the payload, and gain administrative access, thereby bypassing all other access controls."}}}}, "created": "2025-11-26T11:10:40.350158+00:00", "updated": "2026-04-21T01:30:24.390604+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}