4 matches found
CVE-2025-2815
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...
CVE-2025-2815
The CVE-2025-2815 entry concerns the Administrator Z plugin for WordPress. A missing capability check in adminz_import_backup() allows authenticated users with Subscriber+ access to modify arbitrary options, enabling privilege escalation (e.g., setting the default registration role to administrat...
CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...
CVE-2025-2815 Administrator Z <= 2025.03.24 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminzimportbackup function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated...