WordPress LC Wizard plugin elevation of privilege vulnerability

WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...

CVE-2025-5483 LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability

WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin LC Wizard versions 1.2.10-1.3.0...

WordPress LC Wizard plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin LC Wizard versions = 2.1.3...

CVE-2025-58237

CVE-2025-58237: LC Wizard (Connector Wizard) for WordPress has a stored XSS in LC Wizard/Connector Wizard up to version 1.4.0 (initial cites 1.3.0). Root cause: improper input neutralization during web page generation. Affected plugin: Connector Wizard (formerly LC Wizard); vulnerability context ...

CVE-2025-58237 WordPress LC Wizard plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through = 2.2.4...

CVE-2025-58237 WordPress LC Wizard plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through = 2.2.4...