CVE-2025-15041
Privilege Escalation in BackWPup Plugin via Missing Capability Check
Publication date: 2026-02-19
Last updated on: 2026-02-19
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| backwpup | backwpup | 5.6.3 |
| backwpup | backwpup | to 5.6.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The BackWPup WordPress plugin, up to version 5.6.2, has a vulnerability due to a missing capability check on the save_site_option() function. This flaw allows authenticated users with level access and above to modify arbitrary site options without proper authorization.
An attacker can exploit this to change the default user role for new registrations to administrator and enable user registration, thereby gaining administrative access to the WordPress site.
How can this vulnerability impact me? :
This vulnerability can lead to privilege escalation where an attacker with some authenticated access can gain full administrative control over the WordPress site.
By changing the default registration role to administrator and enabling user registration, attackers can create new admin accounts, compromising the site's security, integrity, and availability.
Such unauthorized administrative access can result in data modification, deletion, or other malicious activities on the site.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability involves unauthorized modification of WordPress site options via the BackWPup plugin's save_site_option() function, allowing privilege escalation by authenticated users with level access and above."}, {'type': 'paragraph', 'content': 'Detection can focus on identifying unauthorized changes to site options, especially changes to the default user role for registration or enabling user registration unexpectedly.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is related to the BackWPup plugin versions up to 5.6.2, checking the installed plugin version is a primary step.'}, {'type': 'list_item', 'content': 'Check the BackWPup plugin version installed on your WordPress site to see if it is 5.6.2 or earlier.'}, {'type': 'list_item', 'content': "Review WordPress site options for suspicious changes, such as the 'default_role' option being set to 'administrator' or 'users_can_register' being enabled unexpectedly."}, {'type': 'list_item', 'content': 'Use WP-CLI commands to inspect site options and plugin versions, for example:'}, {'type': 'list_item', 'content': '1. Check plugin version: wp plugin list --status=active | grep backwpup'}, {'type': 'list_item', 'content': '2. Check default role: wp option get default_role'}, {'type': 'list_item', 'content': '3. Check if user registration is enabled: wp option get users_can_register'}, {'type': 'list_item', 'content': '4. Review recent changes or logs for option updates if logging is enabled.'}, {'type': 'paragraph', 'content': 'No specific network commands or signatures are provided in the available resources.'}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the BackWPup plugin to version 5.6.3 or later, as this version includes a security fix for CVE-2025-15041.'}, {'type': 'paragraph', 'content': 'Additional immediate steps include:'}, {'type': 'list_item', 'content': 'Restrict user permissions to prevent unauthorized users from having level access or higher that could exploit this vulnerability.'}, {'type': 'list_item', 'content': "Review and reset critical site options such as 'default_role' and 'users_can_register' to secure values."}, {'type': 'list_item', 'content': 'Disable user registration if it is not required.'}, {'type': 'list_item', 'content': 'Monitor site logs for suspicious activity related to option changes.'}, {'type': 'paragraph', 'content': 'Applying the plugin update is the most effective and recommended action to fully address the vulnerability.'}] [1]