216.73.217.50

CVE-2025-3418

· Published 12/04/2025 07:15 · Modified 12/04/2025 07:15

Labels: CVE-2025-3418 2025-04-12CVE-2025-3418CWE-269[email protected]

Essential information

Published
12/04/2025 07:15
Modified
12/04/2025 07:15
Author
Creator
CVSS
8.8 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
wordpress / wpc admin columns cpe:2.3:a:wordpress:wpc_admin_columns:2.0.6-2.1.0:*:*:*:*:wordpress:*:*

References