WordPress Administrator Z Plugin Privilege Escalation Vulnerability
Vulnerability
A vulnerability in the Administrator Z plugin for WordPress allows authenticated users with Subscriber-level access and above to bypass authorization and modify arbitrary site options. The cause is a missing capability check in the plugin's 'adminz_import_backup()' function, which affects all versions up to and including 2025.03.24. Because the options written by that function are not restricted, an attacker can change the default user role for new registrations (the WordPress 'default_role' option) to 'administrator'; any account registered afterwards is then created as an administrator, giving the attacker admin access to the site.
Impact
Successful exploitation allows any authenticated user, including a Subscriber, to update arbitrary options on the WordPress site. The practical outcome is privilege escalation: the attacker sets the default role for new user registrations to administrator and registers a new account, which is created with administrator privileges. Since the function writes options without restriction, other security-relevant settings (such as whether registration is open) are equally exposed.
Reproduction
The advisory does not publish the exact request that reaches 'adminz_import_backup()'. In outline: log in with a WordPress account that has only the Subscriber role, invoke the plugin functionality that triggers 'adminz_import_backup()', and supply a backup payload whose options include a changed default role. Because the function performs no capability check, the options are written even though the account lacks the 'manage_options' capability normally required to change them. Confirm the result by comparing the site's default role setting (Settings > General, or the 'default_role' option) before and after the request.
Remediation
Users are advised to update the Administrator Z plugin to version 2025.03.27 or later. After updating, check that the default user role for new registrations has not been altered and review the list of administrator accounts for any that were created while the vulnerable version was installed.
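The following PHP is an added illustration of the vulnerability class described in the Vulnerability and Reproduction sections and of the kind of check the Remediation section implies; it is not the Administrator Z plugin's own code. The AJAX hook names, the backup format (a JSON object of option name to value posted in a 'backup' field), the nonce action, and the 'adminz_' option prefix are assumptions made for this example. The first handler shows the missing-capability-check pattern, the second the hardened form, and the final filter a compensating control that protects 'default_role' regardless of which code path tries to change it.

```php
<?php
/**
 * Added example, not the plugin's code. Hook names, payload format and
 * the 'adminz_' option prefix are assumptions for illustration only.
 */

// --- Vulnerable pattern: reachable by any logged-in user, no capability check.
// wp_ajax_{action} fires for every authenticated user, Subscribers included.
add_action( 'wp_ajax_example_import_backup_vulnerable', 'example_import_backup_vulnerable' );
function example_import_backup_vulnerable() {
    $payload = json_decode( wp_unslash( $_POST['backup'] ?? '' ), true );
    if ( ! is_array( $payload ) ) {
        wp_send_json_error( 'bad payload' ); // wp_send_json_error() ends execution
    }
    // Every key in the payload becomes a site option: default_role,
    // users_can_register, admin_email, siteurl ... nothing is filtered.
    foreach ( $payload as $name => $value ) {
        update_option( $name, $value );
    }
    wp_send_json_success();
}

// --- Hardened pattern: nonce, capability check, and an allowlist of option keys.
add_action( 'wp_ajax_example_import_backup_fixed', 'example_import_backup_fixed' );
function example_import_backup_fixed() {
    check_ajax_referer( 'example_import_backup', 'nonce' );   // CSRF check; dies on failure
    if ( ! current_user_can( 'manage_options' ) ) {          // the authorization check that was missing
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    $payload = json_decode( wp_unslash( $_POST['backup'] ?? '' ), true );
    if ( ! is_array( $payload ) ) {
        wp_send_json_error( 'bad payload', 400 );
    }
    foreach ( $payload as $name => $value ) {
        $name = sanitize_key( $name );
        if ( ! example_option_is_importable( $name ) ) {
            continue; // drop anything outside the plugin's own option namespace
        }
        update_option( $name, $value );
    }
    wp_send_json_success();
}

/** Only options the plugin owns may be restored from a backup (assumed prefix). */
function example_option_is_importable( $name ) {
    return 0 === strpos( $name, 'adminz_' );
}

// --- Compensating control (e.g. in a mu-plugin): refuse to let default_role
// become a privileged role unless the caller may manage options. Returning the
// old value from pre_update_option_{option} makes update_option() a no-op.
add_filter( 'pre_update_option_default_role', 'example_guard_default_role', 10, 2 );
function example_guard_default_role( $new_value, $old_value ) {
    $privileged = array( 'administrator', 'editor' );
    if ( in_array( $new_value, $privileged, true ) && ! current_user_can( 'manage_options' ) ) {
        error_log( sprintf(
            'Blocked attempt to set default_role to "%s" by user %d',
            $new_value,
            get_current_user_id()
        ) );
        return $old_value;
    }
    return $new_value;
}
```

The allowlist in the hardened handler is what closes the "arbitrary options" part of the issue; the capability check alone would still let an administrator-level account overwrite core options through a backup import, which is rarely intended. The 'pre_update_option_default_role' guard is a defence-in-depth measure for sites that cannot update immediately; it logs the blocked write so the attempt shows up in the PHP error log.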
