Description
The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
Published: 2025-02-27
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation
Action: Apply Patch
AI Analysis

Impact

The Templines Elementor Helper Core plugin for WordPress allows an authenticated user with Subscriber-level access or higher to update arbitrary user metadata. By exploiting this flaw, an attacker can change their own role to Administrator, giving them full control of the site. The weakness lies in improper validation of user role changes and is classified as CWE-269.
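
The pattern described above, shown as an added illustration that is not the plugin's own code: a generic WordPress AJAX handler that writes user meta for the logged-in user, first in the weak form the advisory describes (the caller chooses the meta key), then in a hardened form that allowlists the keys it will write. Function, action, nonce and meta-key names (`demo_*`) are hypothetical.

```php
<?php
// Added illustration, not code from the Templines plugin. Names prefixed demo_ are hypothetical.

// WEAK: trusts the caller for both the meta key and the value. WordPress stores a
// user's roles in the '<prefix>capabilities' user meta key, so a handler that lets a
// low-privileged user pick the key is the "arbitrary user meta update" class of flaw.
function demo_update_user_meta_weak() {
    $user_id = get_current_user_id();
    $key     = sanitize_text_field( $_POST['meta_key'] ?? '' );
    $value   = wp_unslash( $_POST['meta_value'] ?? '' );
    update_user_meta( $user_id, $key, $value ); // arbitrary key written: root cause
    wp_send_json_success();
}

// HARDENED: nonce, login and ownership checks, and the meta key must be on a fixed
// allowlist. Role changes never go through this path; they belong behind an explicit
// 'promote_users' capability check and WP_User::set_role().
const DEMO_ALLOWED_META_KEYS = array( 'demo_profile_color', 'demo_newsletter_optin' );

function demo_update_user_meta_hardened() {
    check_ajax_referer( 'demo_profile_nonce', 'nonce' );
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not logged in', 401 );
    }
    $user_id = get_current_user_id();
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'not permitted', 403 );
    }

    // An allowlist, not a denylist: it excludes '<prefix>capabilities' and
    // '<prefix>user_level' regardless of the site's table prefix, and every other
    // internal key as well.
    $key = sanitize_key( $_POST['meta_key'] ?? '' );
    if ( ! in_array( $key, DEMO_ALLOWED_META_KEYS, true ) ) {
        wp_send_json_error( 'meta key not permitted', 403 );
    }

    $value = sanitize_text_field( wp_unslash( $_POST['meta_value'] ?? '' ) );
    update_user_meta( $user_id, $key, $value );
    wp_send_json_success();
}

add_action( 'wp_ajax_demo_update_user_meta', 'demo_update_user_meta_hardened' );
```

The allowlist is the important design choice: a denylist of `wp_capabilities` alone misses installations with a non-default table prefix and every other internal key that should not be caller-controlled.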

Affected Systems

The vulnerability affects Templines Elementor Helper Core plugin versions up to and including 2.7. It only applies when the BuddyPress plugin is also installed and activated within the WordPress environment, as the plugin’s meta update functionality is only exposed with BuddyPress active.

Risk and Exploitability

The flaw carries a CVSS score of 8.8, indicating high severity. The EPSS score of less than 1% points to a very low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a valid authenticated session with a Subscriber or higher role; from there, the attacker can elevate privileges by modifying user meta data. The requirement for BuddyPress installation limits the attack surface, making the vector internal and constrained to environments where both plugins coexist.

Generated by OpenCVE AI on April 22, 2026 at 02:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Templines Elementor Helper Core to a version newer than 2.7 to eliminate the privilege escalation flaw.
  • If the plugin is not required, consider uninstalling it entirely.
  • Disable or remove the BuddyPress plugin if it is not needed for site functionality, thereby removing the prerequisite for exploitation.
  • After applying the fix or removal, review existing user accounts to ensure no unauthorized Administrators remain and tighten the permissions granted to Subscriber roles where appropriate.
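
The last action above, reviewing accounts for unauthorized Administrators, as an added example that is not part of the OpenCVE page or the plugin: a script meant to be run with `wp eval-file` (or dropped in as a mu-plugin) that lists administrators WordPress recognises, compares them with an expected allowlist, and also reads the raw capabilities meta so that malformed or multi-role entries are visible. The `demo_*` names and the allowlist contents are constructed placeholders.

```php
<?php
// Added example, not code from the advisory or the plugin. Run e.g. `wp eval-file audit-admins.php`.

// Constructed placeholder: replace with the logins you know should be administrators.
function demo_expected_admin_logins() {
    return array( 'siteowner' );
}

// Returns a list of human-readable findings; empty array means nothing unexpected.
function demo_audit_administrators() {
    global $wpdb;
    $findings = array();
    $expected = demo_expected_admin_logins();

    // 1. Accounts WordPress itself resolves to the Administrator role.
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
        if ( ! in_array( $user->user_login, $expected, true ) ) {
            $findings[] = sprintf(
                'unexpected administrator: %s (ID %d, registered %s)',
                $user->user_login, $user->ID, $user->user_registered
            );
        }
    }

    // 2. Raw '<prefix>capabilities' meta, to catch entries that are not a clean
    //    serialized array or that carry more than one role (a sign of direct meta edits).
    $cap_key = $wpdb->prefix . 'capabilities';
    $rows    = $wpdb->get_results(
        $wpdb->prepare( "SELECT user_id, meta_value FROM {$wpdb->usermeta} WHERE meta_key = %s", $cap_key )
    );
    $known_roles = array_keys( wp_roles()->roles );
    foreach ( $rows as $row ) {
        $caps = maybe_unserialize( $row->meta_value );
        if ( ! is_array( $caps ) ) {
            $findings[] = sprintf( 'user %d: capabilities meta is not a serialized array', $row->user_id );
            continue;
        }
        $roles   = array_keys( array_filter( $caps ) );
        $unknown = array_diff( $roles, $known_roles );
        if ( count( $roles ) > 1 || ! empty( $unknown ) ) {
            $findings[] = sprintf( 'user %d: unusual role set [%s]', $row->user_id, implode( ', ', $roles ) );
        }
    }
    return $findings;
}

foreach ( demo_audit_administrators() as $line ) {
    echo $line, PHP_EOL;
}
```

Reading the meta row directly matters because `get_users()` only reports what WordPress can interpret; an account whose capabilities meta was rewritten through an arbitrary-meta path may not look like a normal administrator but can still hold the role.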

Advisories
Source: EUVD
ID: EUVD-2025-5122
Title: The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
History

Tue, 04 Mar 2025 03:45:00 +0000

Metrics (ssvc):
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 27 Feb 2025 05:30:00 +0000

Description: The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
Title: Templines Elementor Helper Core <= 2.7 - Authenticated (Subscriber+) Privilege Escalation
Weaknesses: CWE-269
References:
Metrics (cvssV3_1):
{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:05:58.688Z

Reserved: 2025-02-14T01:08:37.972Z

Link: CVE-2025-1295

Vulnrichment

Updated: 2025-02-27T14:42:39.956Z

NVD

Status : Deferred

Published: 2025-02-27T06:15:21.990

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-1295

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T02:15:05Z

Weaknesses