CVE-2025-3418

Name of the Vulnerable Software and Affected Versions: WPC Admin Columns plugin for WordPress versions 2.0.6 through 2.1.0

Description: The issue is related to privilege escalation due to the plugin not properly restricting user meta values that can be updated through the ajax edit save() function. This allows authenticated attackers with Subscriber-level access and above to update their role to that of an administrator.

Recommendations: For versions 2.0.6 through 2.1.0, consider disabling the ajax edit save() function until a patch is available to prevent exploitation. Restrict access to user meta values to minimize the risk of privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.