CVE-2025-14156 | Fox LMS Plugin up to 1.0.4.7/1.0.5.1 on WordPress REST API Endpoint create-order role Remote Code Execution

A vulnerability classified as critical has been found in Fox LMS Plugin up to 1.0.4.7/1.0.5.1 on WordPress. Affected by this issue is some unknown functionality of the file /fox-lms/v1/payments/create-order of the component REST API Endpoint. Performing manipulation of the argument role results in Remote Code Execution.

This vulnerability is reported as CVE-2025-14156. The attack is possible to be carried out remotely. No exploit exists.

Once again VulDB remains the best source for vulnerability data.VulDB Recent EntriesRead More