Fox LMS WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in the Fox LMS WordPress LMS Plugin in all versions up to and including 1.0.5.1. The plugin does not validate the 'role' parameter when it creates a new user through the '/fox-lms/v1/payments/create-order' REST API endpoint: the value is taken from the request and applied to the new account. Because the endpoint is reachable without authentication, an unauthenticated attacker can create an account with an arbitrary role, including administrator, leading to complete site compromise.
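The following is an added illustration of the flaw class the advisory describes, not code from the Fox LMS plugin: a REST handler that hands a client-supplied 'role' straight to wp_insert_user(), beside a hardened handler that assigns the role server-side. The route namespace, path and the 'role' parameter name come from the advisory; every other name (the handler function names, the 'username' and 'email' parameters, the hypothetical 'fox_lms_student' role) is assumed for illustration.

```php
<?php
// Added example (not Fox LMS code). Names other than the route and the 'role'
// parameter are assumptions made for illustration.

add_action( 'rest_api_init', function () {
    // A checkout/order endpoint is legitimately public, so permission_callback
    // admits everyone. That is exactly why nothing the client sends may decide
    // the capabilities of an account the handler creates.
    register_rest_route( 'fox-lms/v1', '/payments/create-order', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_order_hardened',
        'permission_callback' => '__return_true',
    ) );
} );

// VULNERABLE pattern: the request's 'role' is trusted. A POST carrying
// role=administrator produces an administrator account.
function example_create_order_vulnerable( WP_REST_Request $request ) {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( (string) $request['username'] ),
        'user_email' => sanitize_email( (string) $request['email'] ),
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $request['role'], // attacker-controlled
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return rest_ensure_response( array( 'user_id' => $user_id ) );
}

// Allowlist of roles a self-registering visitor may end up with. Note that
// "is a registered role" (wp_roles()->get_names()) is NOT a sufficient check,
// because 'administrator' is a registered role too.
function example_resolve_role( $requested ) {
    $allowed = array( 'subscriber', 'fox_lms_student' ); // 'fox_lms_student' is hypothetical
    $requested = is_string( $requested ) ? $requested : '';
    return in_array( $requested, $allowed, true ) ? $requested : 'subscriber';
}

// HARDENED: the role is decided server-side; the client value is at most a
// selector into a low-privilege allowlist, never passed through.
function example_create_order_hardened( WP_REST_Request $request ) {
    $username = sanitize_user( (string) $request['username'], true );
    $email    = sanitize_email( (string) $request['email'] );

    if ( '' === $username || ! is_email( $email ) ) {
        return new WP_Error( 'invalid_input', 'A valid username and email are required.', array( 'status' => 400 ) );
    }
    if ( username_exists( $username ) || email_exists( $email ) ) {
        return new WP_Error( 'user_exists', 'An account with that name or email already exists.', array( 'status' => 409 ) );
    }

    $user_id = wp_insert_user( array(
        'user_login' => $username,
        'user_email' => $email,
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => example_resolve_role( $request['role'] ), // never 'administrator'
    ) );
    if ( is_wp_error( $user_id ) ) {
        return $user_id;
    }
    return rest_ensure_response( array( 'user_id' => $user_id ) );
}
```

If the endpoint does not need to offer a choice of roles at all, drop example_resolve_role() and hard-code 'subscriber' (or get_option( 'default_role' )); the less the client can influence, the smaller the surface for this class of bug.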

Impact

Exploitation allows an unauthenticated attacker to gain administrator privileges and take full control of the WordPress site.

Remediation

Users are advised to update the Fox LMS WordPress LMS Plugin to version 1.0.5.2 or a newer patched version. Because exploitation works by creating accounts, site operators who ran a vulnerable version should also review the user list for unexpected administrator accounts.

Added: Dec 15, 2025, 3:22 PM
Updated: Dec 15, 2025, 6:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.1
remediation: 7.7
relevance: 1.4
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.