CVE-2025-13542 – DesignThemes LMS

CVE ID : CVE-2025-13542

Published : Dec. 2, 2025, 7:27 p.m. | 59 minutes ago

Description : The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the ‘dtlms_register_user_front_end’ function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the ‘administrator’ role during registration and gain administrator access to the site.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-13658 – Industrial Video & Control Longwatch has a Code Injection vulnerability

CVE-2025-13510 – Iskra iHUB and iHUB Lite has a Missing Authentication for Critical Function vulnerabilitiy

CVE-2025-66468 – Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors

CVE-2025-66460 – Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables