CVE-2019-25215 HIGH

CVE-2019-25215: ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions

Vendor Arisoft

Product ARI Adminer – WordPress Database Manager

Weakness CWE-862 · Missing authorization

Published October 16, 2024

Last update April 8, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.

Key dates

02Disclosure timeline

October 16, 2024 CVE published

April 8, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-25215 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

Identifiers

CVE CVE-2019-25215

CWE CWE-862

CVSS 7.3 / HIGH

Affected versions