DesignThemes LMS

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.

AI Analysis

Unauthenticated Privilege Escalation vulnerability in DesignThemes LMS plugin for WordPress due to insufficient role restrictions during user registration.

Basic Information

ID CVE-2025-13542

Source Wordfence

Published Dec 2, 2025 at 19:27

Modified Dec 2, 2025 at 19:36

Affected Product

Vendor DesignThemes

Product DesignThemes LMS

Version *

Affected Versions DesignThemes DesignThemes LMS *

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor DesignThemes

Product DesignThemes LMS

Version 1.0.4

References

{
    "lastseen": "",
    "description": "The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.",
    "published": "2025-12-02T19:27:16.108Z",
    "modified": "2025-12-02T19:36:45.547Z",
    "type": "cve",
    "title": "DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c880470f-3f81-47a2-b450-7074410e9f43?source=cve\nhttps://themeforest.net/item/egrad-education-wordpress-theme/42803015",
    "id": "CVE-2025-13542",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "DesignThemes DesignThemes LMS *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DesignThemes LMS",
    "version": "*",
    "vendor": "DesignThemes",
    "ai_description": "Unauthenticated Privilege Escalation vulnerability in DesignThemes LMS plugin for WordPress due to insufficient role restrictions during user registration.",
    "ai_severity": "Critical",
    "ai_vendor": "DesignThemes",
    "ai_product": "DesignThemes LMS",
    "ai_version": "1.0.4",
    "ai_score": 9.8
}

DesignThemes LMS <= 1.0.4 - Unauthenticated Privilege Escalation_CVE-2025-13542