CVE-2025-6042

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...

CVE-2025-6042

CVE-2025-6042 is a privilege-escalation vulnerability in the WordPress plugin Lisfinity Core (for pebas Lisfinity WordPress theme). Affected: all versions up to and including 1.4.0. Root cause: the plugin assigns the editor role by default and does not restrict API usage, enabling privilege escal...

CVE-2025-6042 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Unauthenticated Privilege Escalation to Editor

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with respect to capabiliti...

WordPress Lisfinity Core plugin <= 1.4.0 - Unauthenticated Privilege Escalation to Editor vulnerability

Unauthenticated Privilege Escalation to Editor vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions = 1.4.0...

WordPress plugin Lisfinity Core 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An elevation of privilege vulnerability exists in the WordPress Lisfinity Core plugin, which stems from assigning the editor role by default and not restricting API usage, no...

CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...

CVE-2025-6038 Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation

The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity prior to updating...

PT-2025-41355

Name of the Vulnerable Software and Affected Versions Lisfinity Core plugin for WordPress versions prior to 1.4.1 Description The Lisfinity Core plugin for WordPress is susceptible to privilege escalation. An authenticated attacker with Subscriber-level access or higher can modify passwords for a...

WordPress Lisfinity Core plugin <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation vulnerability

Authenticated Subscriber+ Privilege Escalation vulnerability discovered by Alyudin Nafiie in WordPress Plugin Lisfinity Core versions = 1.4.0...