Main Vulnerability Database SB2025041742

SB2025041742 - Privilege escalation in WPC Admin Columns plugin for WordPress

Published: April 17, 2025

Security Bulletin ID SB2025041742

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper privilege management (CVE-ID: CVE-2025-3418)

The vulnerability allows a remote attacker to escalate privileges.

The vulnerability exists due to the affected plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. A remote user can escalate privileges.

Remediation

Install update from vendor's website.

References

https://plugins.trac.wordpress.org/changeset/3269302/wpc-admin-columns/trunk/includes/class-backend.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/6145e2d7-c917-4814-a13e-6d34088cb784?source=cve