Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Incorrect Privilege Assignment vulnerability in WPFunnels Creator LMS creatorlms allows Privilege Escalation.This issue affects Creator LMS: from n/a through <= 1.1.18.
AnalysisAI
An Incorrect Privilege Assignment vulnerability exists in WPFunnels Creator LMS plugin (versions up to and including 1.1.18) that allows authenticated or unauthenticated attackers to escalate their privileges within the application. This CWE-266 flaw enables attackers to gain unauthorized administrative or elevated access, potentially compromising the entire LMS installation and user data. While CVSS and EPSS scores are not yet publicly available, the privilege escalation nature and confirmed vulnerability status indicate significant real-world risk, particularly for WordPress installations managing educational content and user accounts.
Technical ContextAI
The vulnerability resides in the WPFunnels Creator LMS WordPress plugin, a learning management system extension for WordPress (identified via CPE cpe:2.3:a:wpfunnels:creator_lms:*:*:*:*:*:*:*:*). The root cause is classified under CWE-266 (Incorrect Privilege Assignment), which indicates the application fails to properly enforce role-based access control or permission boundaries when assigning user capabilities. Rather than a single code injection or authentication bypass flaw, this represents a logical flaw in how the plugin determines and validates user roles and permissions during runtime, likely affecting WordPress capability checks (the standard WordPress permission mechanism via wp_get_current_user_caps() or similar functions).
RemediationAI
Immediately upgrade WPFunnels Creator LMS to a version released after 1.1.18 (patch version to be confirmed via Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/creatorlms/vulnerability/wordpress-creator-lms-plugin-1-1-18-privilege-escalation-vulnerability?_s_id=cve or the official plugin repository). Perform the upgrade via WordPress Dashboard > Plugins > Updates or via WP-CLI using wp plugin update creatorlms. Until patching is complete, implement WordPress-level access controls by restricting plugin capabilities through additional role-management plugins, disabling LMS access for non-administrator users via .htaccess if possible, and auditing user account capabilities via wp-cli (wp user list-caps [user-id]) to detect privilege escalation. Monitor WordPress debug logs for unauthorized capability assignments and audit user logins immediately after patching.
Same weakness CWE-266 – Incorrect Privilege Assignment
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-15899
GHSA-vj36-gx8h-q66m