Lucene search
K

6 matches found

Patchstack
Patchstack
added 2025/04/01 4:34 p.m.4 views

WordPress WP RealEstate plugin <= 1.6.26 - Authentication Bypass via 'process_register' vulnerability

Authentication Bypass via 'processregister' vulnerability discovered by Tonn in WordPress Plugin WP RealEstate versions = 1.6.26...

9.8CVSS8.3AI score0.00426EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/04/01 12:15 p.m.22 views

CVE-2025-2237

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS0.00426EPSS
Exploits0References2
Circl
Circl
added 2025/04/01 11:34 a.m.4 views

CVE-2025-2237

creationtimestamp| type| source ---|---|--- 2025-04-01 11:34:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9872 2025-04-01 12:40:18+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfgouaa2v 2025-04-01 13:48:33+00:00| seen|...

9.8CVSS8.7AI score0.00426EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/01 11:12 a.m.7 views

CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS7.3AI score0.00426EPSS
Exploits0References2
CVE
CVE
added 2025/04/01 11:12 a.m.56 views

CVE-2025-2237

CVE-2025-2237 affects WP RealEstate (WordPress plugin) with authentication bypass via process_register in all versions up to 1.6.26, allowing unauthenticated attackers to register as Administrator. Root cause: insufficient role restrictions in the plugin. Impact, as stated by trusted sources: una...

9.8CVSS7.2AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/01 11:12 a.m.24 views

CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS0.00426EPSS
Exploits0References2
Rows per page
Query Builder