CVE-2025-14156

CRITICAL

Fox LMS - WordPress LMS Plugin <1.0.5.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-14156. PoCs published by Nxploited.

AI-analyzed exploit summary This PoC exploits an unauthenticated privilege escalation vulnerability in Fox LMS WordPress plugin by injecting an 'administrator' role via the REST API endpoint. It creates a new admin user with specified credentials.

Description

The Fox LMS – WordPress LMS Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.5.1. This is due to the plugin not properly validating the 'role' parameter when creating new users via the `/fox-lms/v1/payments/create-order` REST API endpoint. This makes it possible for unauthenticated attackers to create new user accounts with arbitrary roles, including administrator, leading to complete site compromise.

Exploits (1)

nomisec WORKING POC 1 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-14156

This PoC exploits an unauthenticated privilege escalation vulnerability in Fox LMS WordPress plugin by injecting an 'administrator' role via the REST API endpoint. It creates a new admin user with specified credentials.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Fox LMS WordPress Plugin v1.0.4.7 to v1.0.5.1
No auth needed
Prerequisites: Target running vulnerable Fox LMS plugin · Access to the REST API endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0044
EPSS Percentile 35.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-20
Status published
Products (1)
ays-pro/Fox LMS – WordPress LMS Plugin 1.0.4.7 - 1.0.5.1
Published Dec 15, 2025
Tracked Since Feb 18, 2026