{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T20:06:02.621","vulnerabilities":[{"cve":{"id":"CVE-2025-15521","sourceIdentifier":"security@wordfence.com","published":"2026-01-21T02:15:48.363","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.5.0. This is due to the plugin not properly validating a user's identity prior to updating their password and relying solely on a publicly-exposed nonce for authorization. This makes it possible for unauthenticated attackers to change arbitrary user's password, including administrators, and gain access to their account."},{"lang":"es","value":"El plugin The Academy LMS – WordPress LMS Plugin para Complete eLearning Solution para WordPress es vulnerable a escalada de privilegios a través de la toma de control de cuentas en todas las versiones hasta la 3.5.0, inclusive. Esto se debe a que el plugin no valida correctamente la identidad de un usuario antes de actualizar su contraseña y se basa únicamente en un nonce expuesto públicamente para la autorización. Esto hace posible que atacantes no autenticados cambien la contraseña de cualquier usuario, incluidos los administradores, y obtengan acceso a su cuenta."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-639"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/academy/tags/3.5.0/includes/functions.php#L1581","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/6687ebbe-fdf4-4ecb-bf59-034bb4b0104c?source=cve","source":"security@wordfence.com"}]}}]}