LazyCoders LLC LazyTasks CVE-2025-68869
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01.
AnalysisAI
LazyTasks project management WordPress plugin has an incorrect privilege assignment vulnerability allowing low-privileged users to escalate to administrator, gaining full site control.
Technical ContextAI
The LazyTasks plugin by LazyCoders LLC has a CWE-266 incorrect privilege assignment that allows users with minimal WordPress roles to escalate their privileges to administrator through the task management functionality.
Affected ProductsAI
LazyTasks by LazyCoders LLC (WordPress)
RemediationAI
Update or remove the plugin. Audit user roles for unauthorized privilege changes.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today