CVE-2025-3418

High CVSS: 8.8

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.

Vendor

Product

CWE

CWE-269

Yayın Tarihi

2025-04-12 07:15:27

Güncelleme

2025-04-15 18:39:27

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-269 HIGH 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3269302/wpc-admin-columns/trunk/includes/class-backend.php https://www.wordfence.com/threat-intel/vulnerabilities/id/6145e2d7-c917-4814-a13e-6d34088cb784?source=cve