CVE-2025-11086
📋 TL;DR
This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the Academy LMS plugin with Social Login addon. Any WordPress site running Academy LMS plugin versions up to 3.3.7 with Social Login enabled is affected. Attackers can gain full administrative control without any authentication.
💻 Affected Systems
- Academy LMS – WordPress LMS Plugin for Complete eLearning Solution
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrator privileges, can install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers create administrator accounts to maintain persistent access, potentially leading to data theft, malware distribution, or credential harvesting.
If Mitigated
With proper monitoring and access controls, unauthorized administrator accounts could be detected and removed before significant damage occurs.
🎯 Exploit Status
The vulnerability is straightforward to exploit as it requires no authentication and minimal technical skill.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.3.8 or later
Vendor Advisory: https://academylms.net/whats-new/
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Go to Plugins → Installed Plugins
3. Find Academy LMS plugin
4. Click 'Update Now' if update is available
5. If no update appears, download version 3.3.8+ from academylms.net
6. Upload and replace the plugin manually
🔧 Temporary Workarounds
Disable Social Login Addon
allTemporarily disable the Social Login functionality until patched
Navigate to Academy LMS settings and disable Social Login addon
Disable User Registration
allPrevent new user registrations entirely
Go to WordPress Settings → General → uncheck 'Anyone can register'
🧯 If You Can't Patch
- Disable the Academy LMS plugin entirely and use alternative LMS solutions
- Implement Web Application Firewall (WAF) rules to block suspicious user registration attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Academy LMS → Version. If version is 3.3.7 or lower, you are vulnerable.Check Version:
wp plugin get academy-lms --field=versionVerify Fix Applied:
After updating, verify version is 3.3.8 or higher. Test user registration with Social Login to ensure role escalation is prevented.📡 Detection & Monitoring
Log Indicators:
- Unexpected administrator account creations
- User registration events from Social Login with administrator role assignment
- Multiple failed login attempts followed by successful administrator registration
Network Indicators:
- HTTP POST requests to user registration endpoints with role parameter manipulation
- Traffic patterns showing new administrator accounts being created
SIEM Query:
source="wordpress" AND (event="user_registered" AND user_role="administrator") OR (event="role_changed" AND new_role="administrator")