VYPR

Lisfinity Core

by WordPress

CVEs (2)

  • CVE-2025-6038HigOct 9, 2025
    risk 0.57cvss 8.8epss 0.00

    The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity…

  • CVE-2025-6042HigOct 15, 2025
    risk 0.47cvss 7.3epss 0.00

    The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.0. This is due to the plugin assigning the editor role by default. While limitations with…