cleantalk
Vulnerabilities and Security Researches

Administrator Z, CVE-2025-2815

CVE, Research URL

CVE-2025-2815

Home page URL

Security reports for Administrator Z

Application

Administrator Z

Published on
Mar 28, 2025
Research Description
The Administrator Z plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the adminz_import_backup() function in all versions up to, and including, 2025.03.24. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
Affected versions
Min -, max 2025.03.27.
Status
vulnerable
Previous vulnerability researches
Comment Approved Notifier Extended (CVE-2025-30792) , Mar 28, 2025
New vulnerability
ABC Notation (CVE-2025-31895) , Apr 03, 2025
Leartes TRY Exchange Rates (CVE-2025-31783) , Apr 03, 2025
Essential Real Estate (CVE-2025-30849) , Apr 03, 2025
SMS Abandoned Cart Recovery ✦ CartBoss (CVE-2025-31865) , Apr 03, 2025
HTML Forms (CVE-2025-31080) , Apr 03, 2025