CVE-2025-48082 HIGH

CVE-2025-48082: WordPress Progress Planner plugin <= 1.8.0 - Privilege Escalation vulnerability

Vendor: Progress Planner
Product: Progress Planner
Weakness: CWE-266
Published: October 22, 2025
Last update: April 28, 2026

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

Incorrect Privilege Assignment vulnerability in the Progress Planner plugin (progress-planner) allows Privilege Escalation. This issue affects Progress Planner: from n/a through 1.8.0.

Explanation of Vulnerability in Simple Terms

02 Summary

Progress Planner versions 1.8.0 and earlier contain an insufficient privilege validation flaw. An authenticated user with low-level access can read, modify, or delete data and functionality they should not have access to. The vulnerability requires a valid user account but no additional user interaction. Organizations running affected versions should update immediately.

What an attacker can do

03 Attacker Capabilities

Read, modify, or delete sensitive data and application functionality without proper authorization.

Potential impact on your site

04 Site Impact

Authenticated users can access or alter data and settings beyond their assigned role, risking data breach and system compromise.

Conditions required to exploit

05 Prerequisites

Attacker must have a valid user account with low-level privileges on the application.

Key dates

06 Disclosure timeline

October 22, 2025: CVE published
April 28, 2026: Record updated