CVE-2025-1295
Published: 27 February 2025
Description
The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
Security Summary
CVE-2025-1295 is a privilege escalation vulnerability affecting the Templines Elementor Helper Core plugin for WordPress in all versions up to and including 2.7. The flaw stems from the plugin allowing arbitrary user meta updates, which enables attackers to escalate their privileges. Exploitation requires the BuddyPress plugin to be installed and activated on the target WordPress site. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management).
Authenticated attackers with Subscriber-level access or higher can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By leveraging the arbitrary user meta update capability, they can modify their own user role to Administrator, granting full control over the WordPress site, including the ability to execute high-impact actions on confidentiality, integrity, and availability.
Advisories from sources such as Wordfence detail the vulnerability and reference the specific code location in the plugin's youzify.php file at line 3082. No patch information is given in the available details; practitioners should update to a fixed version if one is released, or deactivate the plugin until then, particularly on sites where BuddyPress is also active.
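The root cause described above is a handler that writes whatever user meta key the request names. In WordPress, a user's role is itself stored as user meta (the `{table_prefix}capabilities` key, with `{table_prefix}user_level` alongside it), so an unrestricted update path lets a low-privileged user rewrite their own role. The following is an added, hypothetical example, not the plugin's code and not the code at the referenced location: it contrasts the vulnerable pattern with a hardened handler that verifies a nonce and capability, accepts only an allowlist of profile keys, explicitly refuses the role-bearing keys, and adds an audit helper a defender can use to enumerate administrator accounts after a suspected exposure. All `tl_example_` names, the `tl_example_profile` nonce action and the allowlisted keys are assumptions; the WordPress API calls (`update_user_meta`, `check_ajax_referer`, `current_user_can`, `is_protected_meta`, `WP_User_Query`) are real core functions.

```php
<?php
// Hypothetical illustration of the vulnerability class (CWE-269 via arbitrary user
// meta updates) and one way to harden it. Not the affected plugin's own code.

// VULNERABLE PATTERN (illustrative only): the meta key and value come straight from
// the request, so any logged-in user can write any key for their own account,
// including the key that stores the role.
function tl_example_update_profile_meta_vulnerable() {
    $user_id = get_current_user_id();
    update_user_meta( $user_id, $_POST['meta_key'], $_POST['meta_value'] );
    wp_send_json_success();
}

// Assumed allowlist of profile fields this handler is meant to manage.
function tl_example_allowed_profile_keys() {
    return array( 'description', 'website_title', 'display_language' );
}

// Role and privilege level live in user meta under the site's table prefix;
// these must never be writable through a profile-edit endpoint. Underscore-prefixed
// keys are also refused, matching core's notion of protected meta.
function tl_example_is_role_bearing_key( $key ) {
    global $wpdb;
    $prefix = $wpdb->get_blog_prefix();
    $denied = array( $prefix . 'capabilities', $prefix . 'user_level' );
    return in_array( $key, $denied, true ) || is_protected_meta( $key, 'user' );
}

// HARDENED handler: nonce, capability check on the target user, allowlisted key,
// explicit denylist as defence in depth, and sanitized value.
function tl_example_update_profile_meta_hardened() {
    check_ajax_referer( 'tl_example_profile', 'nonce' );

    $user_id = get_current_user_id();
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $key = isset( $_POST['meta_key'] ) ? sanitize_key( wp_unslash( $_POST['meta_key'] ) ) : '';
    if ( '' === $key
        || ! in_array( $key, tl_example_allowed_profile_keys(), true )
        || tl_example_is_role_bearing_key( $key ) ) {
        wp_send_json_error( 'meta key not permitted', 400 );
    }

    $value = isset( $_POST['meta_value'] ) ? sanitize_text_field( wp_unslash( $_POST['meta_value'] ) ) : '';
    update_user_meta( $user_id, $key, $value );
    wp_send_json_success( array( 'key' => $key ) );
}
add_action( 'wp_ajax_tl_example_update_profile_meta', 'tl_example_update_profile_meta_hardened' );

// AUDIT helper: list administrator accounts with registration dates so that an
// unexpected role grant (a recently registered subscriber now holding administrator)
// stands out during incident review.
function tl_example_list_administrators() {
    $query = new WP_User_Query( array(
        'role'   => 'administrator',
        'fields' => array( 'ID', 'user_login', 'user_registered' ),
    ) );
    return $query->get_results();
}
```

The essential control is the allowlist: the handler decides which keys a profile form may touch, and the request cannot widen that set. The explicit refusal of the `capabilities` and `user_level` keys is redundant with the allowlist but guards against the allowlist later being loosened or replaced with a prefix match. Run `tl_example_list_administrators()` (for instance from WP-CLI's `wp eval`) on any site that ran an affected version alongside BuddyPress and compare the result against the expected set of administrators.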
Details
- CWE(s)