{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14156", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-05T20:32:01.682Z", "datePublished": "2025-12-15T14:25:13.176Z", "dateUpdated": "2025-12-15T14:50:15.064Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-15T14:25:13.176Z"}, "affected": [{"vendor": "ays-pro", "product": "Fox LMS \u2013 WordPress LMS Plugin", "versions": [{"version": "1.0.4.7", "status": "affected", "lessThanOrEqual": "1.0.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v1/payments/create-order` REST API endpoint. This makes it possible for unauthenticated attackers to create new user accounts with arbitrary roles, including administrator, leading to complete site compromise."}], "title": "Fox LMS \u2013 WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de4f8d45-9522-4a32-bc98-be8dbf3a5cf1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffox-lms%2Ftags%2F1.0.5.0%2Fincludes%2Frest%2FPayments.php&new_path=%2Ffox-lms%2Ftags%2F1.0.5.2%2Fincludes%2Frest%2FPayments.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-12-01T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2025-12-05T20:57:27.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-15T02:23:42.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T14:49:53.846684Z", "id": "CVE-2025-14156", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T14:50:15.064Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14156", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-12-15T14:49:53.846684Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T14:50:06.314Z"}}], "cna": {"title": "Fox LMS \u2013 WordPress LMS Plugin 1.0.4.7 - 1.0.5.1 - Unauthenticated Privilege Escalation via 'createOrder'", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "ays-pro", "product": "Fox LMS \u2013 WordPress LMS Plugin", "versions": [{"status": "affected", "version": "1.0.4.7", "versionType": "semver", "lessThanOrEqual": "1.0.5.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-01T00:00:00.000+00:00", "value": "Discovered"}, {"lang": "en", "time": "2025-12-05T20:57:27.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-15T02:23:42.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de4f8d45-9522-4a32-bc98-be8dbf3a5cf1?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffox-lms%2Ftags%2F1.0.5.0%2Fincludes%2Frest%2FPayments.php&new_path=%2Ffox-lms%2Ftags%2F1.0.5.2%2Fincludes%2Frest%2FPayments.php"}], "descriptions": [{"lang": "en", "value": "The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v1/payments/create-order` REST API endpoint. This makes it possible for unauthenticated attackers to create new user accounts with arbitrary roles, including administrator, leading to complete site compromise."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-15T14:25:13.176Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14156", "state": "PUBLISHED", "dateUpdated": "2025-12-15T14:50:15.064Z", "dateReserved": "2025-12-05T20:32:01.682Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-15T14:25:13.176Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Fox LMS \u2013 WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v1/payments/create-order` REST API endpoint. This makes it possible for unauthenticated attackers to create new user accounts with arbitrary roles, including administrator, leading to complete site compromise."}], "id": "CVE-2025-14156", "lastModified": "2025-12-15T15:15:49.173", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-12-15T15:15:49.173", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffox-lms%2Ftags%2F1.0.5.0%2Fincludes%2Frest%2FPayments.php&new_path=%2Ffox-lms%2Ftags%2F1.0.5.2%2Fincludes%2Frest%2FPayments.php"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/de4f8d45-9522-4a32-bc98-be8dbf3a5cf1?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{}