Vulnerabilities

CVE-2025-15521 - Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - un...

2026-01-21 0 views admin

CVE ID : CVE-2025-15521 Published : Jan. 21, 2026, 2:15 a.m. | 52 minutes ago Description : The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-15521

Severity

CRITICAL

Published

Jan. 21, 2026

Affected Product: WordPress

Impact: privilege escalation

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-15521criticalwordpress

CVE-2025-15521 - Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - un...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-12781 - base64.b64decode() always accepts

CVE-2025-68137 - EVerest's Integer Overflow and Signed to Unsigned conversion lead to either stac...

CVE-2025-68136 - EVerest's inadequate session handling can lead to memory-related errors or exhau...

CVE-2025-13465 - Prototype Pollution Vulnerability in Lodash _.unset and _.omit functions

Trending

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

Tech: Data is the only moat

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

Tech: AWS European Sovereign Cloud

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3