CVE-2025-11985 Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update
The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rpsavepropertysettings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with...