High severity8.8NVD Advisory· Published Apr 12, 2025· Updated Apr 15, 2026
CVE-2025-3418
CVE-2025-3418
Description
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >= 2.0.6, <= 2.1.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.