6 matches found
WordPress WP RealEstate plugin <= 1.6.26 - Authentication Bypass via 'process_register' vulnerability
Authentication Bypass via 'processregister' vulnerability discovered by Tonn in WordPress Plugin WP RealEstate versions = 1.6.26...
CVE-2025-2237
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...
CVE-2025-2237
creationtimestamp| type| source ---|---|--- 2025-04-01 11:34:30+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9872 2025-04-01 12:40:18+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3llqvfgouaa2v 2025-04-01 13:48:33+00:00| seen|...
CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...
CVE-2025-2237
CVE-2025-2237 affects WP RealEstate (WordPress plugin) with authentication bypass via process_register in all versions up to 1.6.26, allowing unauthenticated attackers to register as Administrator. Root cause: insufficient role restrictions in the plugin. Impact, as stated by trusted sources: una...
CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...