CVE-2025-2815

Name of the Vulnerable Software and Affected Versions Administrator Z plugin for WordPress versions up to, and including, 2025.03.24

Description The issue is related to a missing capability check on the adminz import backup() function, which can lead to unauthorized modification of data and privilege escalation. This allows authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site, potentially enabling them to gain administrative user access.

Recommendations For versions up to, and including, 2025.03.24, consider disabling the adminz import backup() function until a patch is available to prevent exploitation. Restrict access to the Administrator Z plugin to minimize the risk of unauthorized data modification. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.