Vulnerabilities and security researches forghl-wizard ghl-wizard

Oct 11, 2025

CVE, Research URL: CVE-2025-58237
Home page URL: Security reports for GHL Wizard
Application: GHL Wizard
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Stored XSS.This issue affects LC Wizard: from n/a through <= 2.2.4.
Affected versions: max 2.2.4.
Status: vulnerable

Feb 27, 2026

CVE, Research URL: CVE-2025-68026
Home page URL: Security reports for GHL Wizard
Application: GHL Wizard
Date: Feb 20, 2026
Research Description: Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1.
Affected versions: max 2.1.1.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-5483
Home page URL: Security reports for GHL Wizard
Application: GHL Wizard
Date: Nov 07, 2025
Research Description: The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO functionality is enabled.
Affected versions: max 1.4.0.
Status: vulnerable