Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/11 7:11 a.m.25 views

CVE-2025-2253

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imicresetpasswordinit function. This makes it...

9.8CVSS7.5AI score0.00701EPSS
Exploits0References1
NVD
NVD
added 2025/05/09 7:16 a.m.26 views

CVE-2025-2253

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imicresetpasswordinit function. This makes it...

9.8CVSS0.00701EPSS
Exploits0References2
CVE
CVE
added 2025/05/09 6:42 a.m.50 views

CVE-2025-2253

CVE-2025-2253 affects the IMITHEMES Listing plugin (≤3.3). The issue is unauthenticated privilege escalation caused by the plugin not properly validating a verification code before updating passwords via imic_reset_password_init(), enabling password changes for any user (including admins) if the ...

9.8CVSS9.8AI score0.00701EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/09 6:42 a.m.7 views

CVE-2025-2253 IMITHEMES Listing <= 3.3 - Unauthenticated Privilege Escalation via Unverified Password Reset

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imicresetpasswordinit function. This makes it...

9.8CVSS9.8AI score0.00701EPSS
Exploits0References2
Rows per page
Query Builder