{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13563", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-22T17:13:16.491Z", "datePublished": "2026-02-19T04:36:20.596Z", "dateUpdated": "2026-04-08T17:16:07.675Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:07.675Z"}, "affected": [{"vendor": "BuddhaThemes", "product": "Lizza LMS Pro", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "title": "Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b113f475-3133-4ea3-9152-03bb84d79307?source=cve"}, {"url": "https://themeforest.net/item/lizza-lms-education-wordpress-theme/51057780"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "timeline": [{"time": "2026-02-18T15:49:30.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T01:36:10.312572Z", "id": "CVE-2025-13563", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:36:23.308Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13563", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T01:36:10.312572Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T01:36:18.708Z"}}], "cna": {"title": "Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation", "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "BuddhaThemes", "product": "Lizza LMS Pro", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.0.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-18T15:49:30.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b113f475-3133-4ea3-9152-03bb84d79307?source=cve"}, {"url": "https://themeforest.net/item/lizza-lms-education-wordpress-theme/51057780"}], "descriptions": [{"lang": "en", "value": "The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:16:07.675Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13563", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:16:07.675Z", "dateReserved": "2025-11-22T17:13:16.491Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T04:36:20.596Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site."}, {"lang": "es", "value": "El plugin Lizza LMS Pro para WordPress es vulnerable a una escalada de privilegios en todas las versiones hasta la 1.0.3, ambas inclusive. Esto se debe a que la funci\u00f3n 'lizza_lms_pro_register_user_front_end' no restringe los roles de usuario con los que un usuario puede registrarse. Esto hace posible que atacantes no autenticados suministren el rol de 'administrador' durante el registro y obtengan acceso de administrador al sitio."}], "id": "CVE-2025-13563", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T07:17:30.870", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/lizza-lms-education-wordpress-theme/51057780"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b113f475-3133-4ea3-9152-03bb84d79307?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.0.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Lizza LMS Pro", "source": "cna", "vendor": "BuddhaThemes"}, "product": "lizza_lms_pro", "vendor": "buddhathemes"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 90.0, "confidence_source": "inferred", "scores": [{"score": 90.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-21T00:10:13.403041+00:00", "value": {"mitigation_remediation": ["Update Lizza LMS Pro to a version that restricts role assignment during registration or apply the vendor\u2019s patch if available.", "Disable or remove the public front\u2011end registration functionality so that users cannot register new accounts without authentication.", "Implement a Web Application Firewall or input validation rule that blocks attempts to set the \"administrator\" role during user registration."], "summary": {"action": "Apply Patch", "impact": "Unauthenticated Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects BuddhaThemes' Lizza LMS Pro plugin for WordPress in all releases up to and including version\u00a01.0.3. Any site deploying these versions without additional restrictions is at risk.", "description_and_impact": "The Lizza LMS Pro plugin includes an insecure user registration function that accepts any role value. An attacker can submit the role \"administrator\" even without being logged in, thereby creating a new administrator account. This grants the attacker full control over the WordPress site, including the ability to install plugins, modify content, access sensitive data, and compromise other user accounts.", "risk_and_exploitability": "The CVSS base score is 9.8, indicating critical severity, while the EPSS score is less than 1\u202f%, showing a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Likely attack vectors involve submitting crafted registration requests through the front\u2011end registration endpoint, which is publicly accessible, allowing unauthenticated users to trigger the privilege escalation."}}}}, "created": "2026-02-19T10:06:59.671910+00:00", "updated": "2026-04-21T00:15:16.127744+00:00", "vendors": ["buddhathemes", "buddhathemes$PRODUCT$lizza_lms_pro", "wordpress", "wordpress$PRODUCT$wordpress"]}