VYPR

Ghl Wizard

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-5483HigNov 7, 2025
    risk 0.46cvss 8.1epss 0.00

    The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator…

  • CVE-2025-58237MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through <= 2.2.4.