Primary

Context

Academy LMS Privilege Escalation Vulnerability via Social Login Addon

Vulnerability

A privilege escalation vulnerability has been identified in the Academy LMS WordPress plugin, affecting all versions through 3.3.7. The issue arises because the plugin fails to properly validate user roles before registering users through the Social Login addon. This flaw allows unauthenticated attackers to change their role to Administrator during the registration process.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain Administrator privileges on the WordPress site.

Remediation

Users can update to version 3.3.8 or a newer patched version to address this vulnerability.

Added: Oct 22, 2025, 12:18 PM

Updated: Oct 22, 2025, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Academy LMS Privilege Escalation Vulnerability via Social Login Addon

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating