Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Lizza LMS Pro plugin for WordPress allows unauthorized admin access
CVE-2025-13563
Summary
The Lizza LMS Pro plugin for WordPress, used in some websites, has a security flaw that lets attackers gain administrator access to the site without a password. This can happen when a user registers for an account, and the attacker can choose to become an administrator. Website owners should update to a newer version of the plugin to fix this issue.
Original title
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not res...
Original description
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
nvd CVSS3.1
9.8
Vulnerability type
CWE-269
Improper Privilege Management
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026