WordPress Realty Portal plugin <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Options Update vulnerability discovered by kr0d in WordPress Plugin Realty Portal versions = 0.4.1...

CVE-2025-11985

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

CVE-2025-11985

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

CVE-2025-11985

CVE-2025-11985 concerns Realty Portal for WordPress (versions ≤ 0.4.1). The vulnerability arises from a missing capability check in rp_save_property_settings, enabling authenticated users with Subscriber+ privileges to modify arbitrary WordPress options. This can be exploited to set the default r...

CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

EUVD-2025-198416

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...

PT-2025-47689

Name of the Vulnerable Software and Affected Versions Realty Portal plugin for WordPress versions 0.1 through 0.4.1 Description The Realty Portal plugin for WordPress is susceptible to unauthorized data modification, potentially leading to privilege escalation. A missing capability check within t...

WordPress plugin Realty Portal 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

EUVD-2006-2850

Malware in sbrugna...

CVE-2025-6190

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rpuserprofile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $POST and passes them directly to...

CVE-2025-6190

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rpuserprofile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $POST and passes them directly to...

CVE-2025-6190

CVE-2025-6190 describes a privilege-escalation flaw in the Realty Portal – Agent WordPress plugin (versions 0.1.0–0.3.9). The rp_user_profile() AJAX handler reads client-supplied POST data and passes it to update_user_meta() without restricting to a whitelist, enabling authenticated users with Su...

CVE-2025-6190 Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rpuserprofile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $POST and passes them directly to...

CVE-2025-6190 Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rpuserprofile AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $POST and passes them directly to...

PT-2025-30513 · WordPress · Realty Portal – Agent

Name of the Vulnerable Software and Affected Versions: Realty Portal – Agent plugin for WordPress versions 0.1.0 through 0.3.9 Description: The Realty Portal – Agent plugin for WordPress is vulnerable to privilege escalation due to missing authorization within the rp user profile AJAX handler. Th...

WordPress plugin Realty Portal – Agent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Abarcar Realty Portal 5.1.5 Content.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18218/info Abarcar Realty Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...

Abarcar Realty Portal 5.1.5/6.0.1 - Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/20970/info Abarcar Realty Portal is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow ...

CVE-2006-5840

Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the 1 neid parameter to newsdetails.php, or the 2 slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE...