CVE-2025-15521

{"id": "CVE-2025-15521", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2026-01-21T02:15:48.363", "references": [{"url": "https://plugins.trac.wordpress.org/browser/academy/tags/3.5.0/includes/functions.php#L1581", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6687ebbe-fdf4-4ecb-bf59-034bb4b0104c?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "The Academy LMS \u2013 WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account."}, {"lang": "es", "value": "El plugin The Academy LMS \u2013 WordPress LMS Plugin para Complete eLearning Solution para WordPress es vulnerable a escalada de privilegios a trav\u00e9s de la toma de control de cuentas en todas las versiones hasta la 3.5.0, inclusive. Esto se debe a que el plugin no valida correctamente la identidad de un usuario antes de actualizar su contrase\u00f1a y se basa \u00fanicamente en un nonce expuesto p\u00fablicamente para la autorizaci\u00f3n. Esto hace posible que atacantes no autenticados cambien la contrase\u00f1a de cualquier usuario, incluidos los administradores, y obtengan acceso a su cuenta."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "security@wordfence.com"}