CVE-2025-15041
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation in BackWPup Plugin via Missing Capability Check

Vulnerability report for CVE-2025-15041, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: Wordfence

Description

The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-07-06
AI Q&A
2026-02-19
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
backwpup backwpup 5.6.3
backwpup backwpup to 5.6.2 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The BackWPup WordPress plugin, up to version 5.6.2, has a vulnerability due to a missing capability check on the save_site_option() function. This flaw allows authenticated users with level access and above to modify arbitrary site options without proper authorization.

An attacker can exploit this to change the default user role for new registrations to administrator and enable user registration, thereby gaining administrative access to the WordPress site.

Impact Analysis

This vulnerability can lead to privilege escalation where an attacker with some authenticated access can gain full administrative control over the WordPress site.

By changing the default registration role to administrator and enabling user registration, attackers can create new admin accounts, compromising the site's security, integrity, and availability.

Such unauthorized administrative access can result in data modification, deletion, or other malicious activities on the site.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves unauthorized modification of WordPress site options via the BackWPup plugin's save_site_option() function, allowing privilege escalation by authenticated users with level access and above."}, {'type': 'paragraph', 'content': 'Detection can focus on identifying unauthorized changes to site options, especially changes to the default user role for registration or enabling user registration unexpectedly.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is related to the BackWPup plugin versions up to 5.6.2, checking the installed plugin version is a primary step.'}, {'type': 'list_item', 'content': 'Check the BackWPup plugin version installed on your WordPress site to see if it is 5.6.2 or earlier.'}, {'type': 'list_item', 'content': "Review WordPress site options for suspicious changes, such as the 'default_role' option being set to 'administrator' or 'users_can_register' being enabled unexpectedly."}, {'type': 'list_item', 'content': 'Use WP-CLI commands to inspect site options and plugin versions, for example:'}, {'type': 'list_item', 'content': '1. Check plugin version: wp plugin list --status=active | grep backwpup'}, {'type': 'list_item', 'content': '2. Check default role: wp option get default_role'}, {'type': 'list_item', 'content': '3. Check if user registration is enabled: wp option get users_can_register'}, {'type': 'list_item', 'content': '4. Review recent changes or logs for option updates if logging is enabled.'}, {'type': 'paragraph', 'content': 'No specific network commands or signatures are provided in the available resources.'}] [1, 2]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the BackWPup plugin to version 5.6.3 or later, as this version includes a security fix for CVE-2025-15041.'}, {'type': 'paragraph', 'content': 'Additional immediate steps include:'}, {'type': 'list_item', 'content': 'Restrict user permissions to prevent unauthorized users from having level access or higher that could exploit this vulnerability.'}, {'type': 'list_item', 'content': "Review and reset critical site options such as 'default_role' and 'users_can_register' to secure values."}, {'type': 'list_item', 'content': 'Disable user registration if it is not required.'}, {'type': 'list_item', 'content': 'Monitor site logs for suspicious activity related to option changes.'}, {'type': 'paragraph', 'content': 'Applying the plugin update is the most effective and recommended action to fully address the vulnerability.'}] [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15041. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart