CVE-2025-1295

Published Feb 27, 2025

Last updated a month ago

CVSS high 8.8

Overview

Description
The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-269

Social media

Hype score
Not currently trending

  1. CVE-2025-1295 The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitr… https://t.co/WSlZXd1LCf

    @CVEnew

    27 Feb 2025

    88 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-1295 🔴 HIGH (8.8) 🏢 Templines - Templines Elementor Helper Core 🏗️ * 🔗 https://t.co/FGmhFIRhtn 🔗 http://localhost:1337/wp-content/plugins/templines-helper-core/youzify/youzify.php#L3082 #CyberCron #VulnAlert https://t.co/XlAZ0i7qmH

    @cybercronai

    27 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-1295 Privilege Escalation in Templines Elementor Helper Core WordPress Plugin via BuddyPress https://t.co/E76my4NeS1

    @VulmonFeeds

    27 Feb 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. �� CVE-2025-1295 - WordPress - HIGH 🚨 🗓️ Date published 2025-02-27 06:15:21 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/v7xiuzA91T

    @vulns_space

    27 Feb 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-1295: HIGH] WordPress plugin Templines Elementor Helper Core has a privilege escalation vulnerability in versions up to 2.7. Attackers with Subscriber access can update their role to Admin due to arbitra...#cybersecurity,#vulnerability https://t.co/kHfRFOYKT3 https://t.

    @CveFindCom

    27 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References