CVE-2025-67966
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | lawyer_directory | up to 1.3.3 (inclusive) |
| patchstack | lawyer_directory | 1.3.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects WordPress sites using the Lawyer Directory Plugin version 1.3.3 or earlier. Detection involves checking the installed plugin version to see if it is vulnerable. You can detect the presence of the vulnerable plugin and its version by running commands that list WordPress plugins and their versions, such as using WP-CLI: `wp plugin list --format=json` and inspecting the output for 'lawyer-directory' with version <= 1.3.3. Additionally, monitoring for unusual privilege escalations or unauthorized administrative access attempts may indicate exploitation. Patchstack provides mitigation rules that can be enabled to block attacks targeting this vulnerability. However, no specific detection commands for network traffic or exploit attempts are provided in the resources. [1]
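The plugin-version check described above, written out as an added example (not BaseFortify's or Patchstack's code): it parses the JSON that `wp plugin list --format=json` prints, falls back to a constructed sample of that output when WP-CLI is not on the PATH, and compares version components numerically so that a release such as 1.3.10 is not mistaken for one older than 1.3.3. The plugin slug `lawyer-directory` is assumed from the answer above.

```python
import json
import re
import shutil
import subprocess

# Values taken from the advisory: plugin slug and first fixed release.
PLUGIN_SLUG = "lawyer-directory"
FIXED_VERSION = "1.3.4"

# Constructed sample of `wp plugin list --format=json` output (WP-CLI's real
# field names), so the check runs offline where WP-CLI is absent.
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "lawyer-directory", "status": "active", "update": "available",
     "version": "1.3.3"},
])

def version_tuple(version):
    """Numeric components of a version, e.g. "1.3.10" -> (1, 3, 10)."""
    # Raw string comparison would rank "1.3.10" below "1.3.3"; integer
    # tuples compare correctly. Suffixes such as "-beta" are ignored.
    return tuple(int(p) for p in re.findall(r"\d+", version))

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when `version` is older than the first fixed release."""
    return version_tuple(version) < version_tuple(fixed)

def check_plugin_list(plugin_list_json, slug=PLUGIN_SLUG):
    """Return a finding dict for `slug`, or None when it is not installed."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") == slug:
            version = plugin.get("version", "")
            return {"name": slug, "version": version,
                    "status": plugin.get("status", ""),
                    "vulnerable": is_vulnerable(version)}
    return None

def run_wp_plugin_list():
    """Use WP-CLI when present; otherwise fall back to the constructed sample."""
    wp = shutil.which("wp")
    if wp is None:
        return SAMPLE_PLUGIN_LIST
    result = subprocess.run([wp, "plugin", "list", "--format=json"],
                            capture_output=True, text=True, check=True)
    return result.stdout

if __name__ == "__main__":
    finding = check_plugin_list(run_wp_plugin_list())
    print(finding if finding else f"{PLUGIN_SLUG} is not installed")
```

On a real site, run it from the WordPress root (or add `--path=` to the WP-CLI call) so `wp` finds the installation.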
Can you explain this vulnerability to me?
CVE-2025-67966 is a high-priority privilege escalation vulnerability in the WordPress Lawyer Directory Plugin (versions up to 1.3.3). It allows a malicious user with a low-privileged account (like subscriber or developer) to escalate their privileges to a higher level, potentially gaining full control over the affected website. This means attackers can bypass normal privilege restrictions and obtain administrative or other high-level access. [1]
How can this vulnerability impact me?
This vulnerability can severely impact you by allowing attackers with low-level access to escalate their privileges and take over your entire WordPress site. This could lead to unauthorized changes, data theft, site defacement, or complete loss of control over your website. It poses a highly dangerous risk with a CVSS score of 8.8, indicating it is likely to be exploited if not patched. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update the Lawyer Directory Plugin to version 1.3.4 or later. Until the update can be applied, use the Patchstack mitigation rule that blocks attacks targeting this vulnerability. Additionally, if you are a Patchstack user, enable auto-updates specifically for vulnerable plugins to ensure ongoing protection. [1]