CVE-2025-15521

CRITICAL
2026-01-21 [email protected]
9.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 21, 2026 - 02:15 nvd
CRITICAL 9.8

Tags

WordPress Privilege Escalation PHP

Description

The Academy LMS - WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account.

Analysis

Academy LMS WordPress plugin has a privilege escalation vulnerability allowing unauthenticated users to bypass access controls and gain elevated privileges on WordPress sites.

Technical Context

The Academy LMS plugin has a CWE-639 authorization bypass through user-controlled key vulnerability, allowing attackers to manipulate identifiers to access other users' accounts or elevate their own privileges.

Affected Products

['Academy LMS for WordPress']

Remediation

Update Academy LMS immediately. Implement proper authorization checks on all API endpoints.

Priority Score

49
Low Medium High Critical
KEV: 0
EPSS: +0.1
CVSS: +49
POC: 0

Share

CVE-2025-15521 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy