CVE-2025-5483
📋 TL;DR
The LC Wizard WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to create administrator accounts when PRO functionality is enabled. This affects WordPress sites running plugin versions 1.2.10 through 1.3.0. Attackers can gain full control of vulnerable websites.
💻 Affected Systems
- WordPress LC Wizard plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with attacker creating admin accounts, installing backdoors, defacing content, stealing data, and using the site for further attacks.
Likely Case
Attackers create hidden admin accounts to maintain persistent access, install malware, or use the site for spam/phishing campaigns.
If Mitigated
If proper network controls exist, the attack might be detected and blocked before full compromise, limiting the damage to an attempted intrusion.
🎯 Exploit Status
Exploitation requires sending crafted HTTP requests to the vulnerable endpoint. No authentication or special privileges needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.1
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3366906
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the LC Wizard plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 1.3.1 from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable PRO functionality
Temporarily disable the PRO features that enable the vulnerable code path.
Disable plugin
Completely disable the LC Wizard plugin until patched.
🧯 If You Can't Patch
- Implement web application firewall rules to block requests to /ghl-wizard/inc/wp_user.php
- Restrict access to WordPress admin functions from untrusted networks
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, go to Plugins and read the LC Wizard version. If the version is between 1.2.10 and 1.3.0 and PRO features are enabled, you are vulnerable.
Check Version (WP-CLI; --name filters on the plugin slug rather than the display name, so list all plugins and read the LC Wizard row):
wp plugin list --fields=name,version,status
Verify Fix Applied:
Verify plugin version is 1.3.1 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /ghl-wizard/inc/wp_user.php
- Unexpected user creation events in WordPress logs
- New administrator accounts created from unfamiliar IPs
Network Indicators:
- HTTP requests to vulnerable endpoint with user creation parameters
- Traffic spikes to WordPress admin functions
SIEM Query:
source="wordpress.log" AND (uri_path="/ghl-wizard/inc/wp_user.php" OR message="New user created" OR message="User role changed to administrator")
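As an added example (not from the advisory or the plugin vendor), the log indicators above applied to web-server access logs: the script parses Apache/nginx combined-format lines and flags requests to the endpoint the advisory names, rating POSTs higher. The log lines are constructed samples; the endpoint path is the one given in this advisory.

```python
"""Scan access logs for requests to the LC Wizard user-creation endpoint.
Added example, not advisory or vendor tooling; log lines are constructed."""
import re
from collections import Counter

VULN_PATH = "/ghl-wizard/inc/wp_user.php"  # endpoint named in the advisory

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: two POSTs from one source, one GET from another
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2025:08:01:12 +0000] "GET /wp-login.php HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:08:01:15 +0000] "POST /wp-content/plugins/ghl-wizard/inc/wp_user.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jun/2025:08:02:40 +0000] "GET /wp-content/plugins/ghl-wizard/inc/wp_user.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2025:08:02:51 +0000] "POST /wp-content/plugins/ghl-wizard/inc/wp_user.php?x=1 HTTP/1.1" 200 87 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Jun/2025:09:15:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
"""

def parse_line(line):
    """Return the parsed fields of one combined-format line, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_endpoint_hit(entry):
    # Drop the query string first so "?x=1"-style variants are not missed
    path = entry["path"].split("?", 1)[0]
    return path.endswith(VULN_PATH)

def find_suspicious(log_text):
    """Return (hits, requests-per-source-IP) for traffic to the vulnerable endpoint.
    POSTs match the advisory's primary indicator and are rated high; any other
    method is still reported, since the path should not normally be requested."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and is_endpoint_hit(e):
            e["severity"] = "high" if e["method"] == "POST" else "medium"
            hits.append(e)
    return hits, Counter(h["ip"] for h in hits)

if __name__ == "__main__":
    hits, by_ip = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f'{h["severity"]:6} {h["ip"]} {h["ts"]} {h["method"]} {h["path"]}')
    print("requests to endpoint per source IP:", dict(by_ip))
```

Pair the per-IP counts with the WordPress user-creation events listed above; a new administrator account appearing shortly after a flagged POST from the same source is the correlation worth alerting on.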