PT-2026-20623 · WordPress · Backup/Restore Wordpress – Backup Plugin

Rafał · Published 2026-02-19 · Updated 2026-02-23 · CVE-2025-15041

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BackWPup – WordPress Backup & Restore Plugin versions prior to 5.6.3

Description

The BackWPup – WordPress Backup & Restore Plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within the save_site_option() function allows authenticated attackers with a level of access and above to modify arbitrary options on a WordPress site. This can be exploited to elevate privileges, for example, by changing the default registration role to administrator and enabling user registration, thereby granting attackers administrative access.

Recommendations

Update BackWPup – WordPress Backup & Restore Plugin to version 5.6.3 or later.
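
A defender's check for the condition described above, as an added example that is not part of the original advisory or the plugin's code: it reads the JSON produced by `wp plugin list --format=json` and `wp option list --format=json` and flags an unpatched BackWPup together with the two option values the description names. The plugin slug `backwpup`, the function names and the sample JSON are assumptions constructed for illustration.

```python
import json
import re

FIXED = (5, 6, 3)  # first fixed release named in the advisory


def parse_version(text):
    """'5.6.2' -> (5, 6, 2); keeps the leading digits of each dotted part."""
    nums = [int(m.group()) for m in (re.match(r"\d+", p) for p in text.split(".")) if m]
    return tuple(nums + [0] * (3 - len(nums)))


def audit(plugins_json, options_json, slug="backwpup"):  # slug is an assumption
    """Return a list of findings for one site's wp-cli JSON exports."""
    findings = []
    for plugin in json.loads(plugins_json):
        version = str(plugin.get("version", "0"))
        if plugin.get("name") == slug and parse_version(version) < FIXED:
            findings.append(f"{slug} {version} is older than 5.6.3: update the plugin")
    opts = {o["option_name"]: str(o["option_value"]) for o in json.loads(options_json)}
    # The two options the description names as the privilege-escalation path.
    if opts.get("default_role") == "administrator":
        findings.append("default_role is administrator: new accounts receive admin rights")
    if opts.get("users_can_register") == "1":
        findings.append("users_can_register is on: confirm open registration is intended")
    return findings


# Constructed sample input in the shape wp-cli emits (not taken from a real site).
SAMPLE_PLUGINS = json.dumps([
    {"name": "backwpup", "status": "active", "update": "available", "version": "5.6.2"},
])
SAMPLE_OPTIONS = json.dumps([
    {"option_name": "default_role", "option_value": "administrator"},
    {"option_name": "users_can_register", "option_value": "1"},
])

if __name__ == "__main__":
    for line in audit(SAMPLE_PLUGINS, SAMPLE_OPTIONS):
        print("[!]", line)
```

A site that shows `default_role` set to `administrator` while it ran a version prior to 5.6.3 should also have its recently created accounts reviewed.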

Fix

LPE

Missing Authorization


Weakness Enumeration

Related identifiers

CVE-2025-15041

Affected products

Backup/Restore Wordpress – Backup Plugin