EduKart Pro

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

AI Analysis

Unauthenticated Privilege Escalation vulnerability in EduKart Pro plugin for WordPress due to insufficient role restrictions during user registration.

Basic Information

ID CVE-2025-13559

Source Wordfence

Published Nov 25, 2025 at 04:38

Affected Product

Vendor venusweb

Product EduKart Pro

Version *

Affected Versions venusweb EduKart Pro *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Venusweb

Product EduKart Pro

Version 1.0.3

References

{
    "lastseen": "",
    "description": "The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.",
    "published": "2025-11-25T04:38:01.073Z",
    "modified": "2025-11-25T04:38:01.073Z",
    "type": "cve",
    "title": "EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d3a5be68-8073-48b0-a536-bb3a05e83dda?source=cve\nhttps://themeforest.net/item/edit-edukart-online-courses-education-lms-theme/52094805",
    "id": "CVE-2025-13559",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "venusweb EduKart Pro *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EduKart Pro",
    "version": "*",
    "vendor": "venusweb",
    "ai_description": "Unauthenticated Privilege Escalation vulnerability in EduKart Pro plugin for WordPress due to insufficient role restrictions during user registration.",
    "ai_severity": "Critical",
    "ai_vendor": "Venusweb",
    "ai_product": "EduKart Pro",
    "ai_version": "1.0.3",
    "ai_score": 9.8
}

EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation_CVE-2025-13559