CVE-2025-5483

High

Published: 07 November 2025

Published

07 November 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0010 27.7th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-5483 is a high-severity Missing Authorization (CWE-862) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 27.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and AC-3 (Access Enforcement).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match

prevent

Directly enforces approved authorizations, addressing the missing capability check that allows unauthenticated privilege escalation to administrator accounts.

AC-2 Account Management good match

prevent

Manages system accounts to ensure only authorized entities can create privileged administrator accounts, mitigating unauthorized user creation.

AC-6 Least Privilege good match

prevent

Enforces least privilege principle to restrict access to administrative functions, preventing exploitation of the missing authorization check.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

T1136.001 Local Account Persistence

Adversaries may create a local account to maintain access to victim systems.

attack.mitre.org →

Why these techniques?

Unauthenticated remote exploitation of public-facing WordPress plugin (T1190) enables privilege escalation (T1068) via missing authorization, directly allowing creation of local administrator accounts (T1136.001).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the…

administrator role when the PRO functionality is enabled.

Deeper analysisAI

CVE-2025-5483 is a privilege escalation vulnerability in the LC Wizard plugin for WordPress, stemming from a missing capability check in the ghl-wizard/inc/wp_user.php file. It affects versions 1.2.10 through 1.3.0 of the plugin when the PRO functionality is enabled. The issue, classified under CWE-862 (Missing Authorization), has a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.

Unauthenticated attackers can exploit this vulnerability over the network by leveraging the absence of capability checks to create new user accounts with administrator privileges. Exploitation requires high attack complexity, likely involving specific conditions tied to the PRO features, but no prior privileges or user interaction are needed, enabling remote compromise of affected WordPress sites.

Mitigation details are available in the plugin's official patch at https://plugins.trac.wordpress.org/changeset/3366906 and Wordfence's threat intelligence advisory at https://www.wordfence.com/threat-intel/vulnerabilities/id/42dcc302-b543-42c7-99fa-605f017beb1a?source=cve, which outline the fix and recommend updating to a patched version beyond 1.3.0.