Lucene search
K

5 matches found

NVD
NVD
added 2025/04/01 12:15 p.m.22 views

CVE-2025-2237

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS0.00426EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/01 11:12 a.m.7 views

CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS7.3AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/01 11:12 a.m.22 views

CVE-2025-2237 WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'processregister' function. This makes it possible for unauthenticated attackers to register an...

9.8CVSS0.00426EPSS
Exploits0References2
CVE
CVE
added 2025/04/01 11:12 a.m.54 views

CVE-2025-2237

CVE-2025-2237 affects WP RealEstate (WordPress plugin) with authentication bypass via process_register in all versions up to 1.6.26, allowing unauthenticated attackers to register as Administrator. Root cause: insufficient role restrictions in the plugin. Impact, as stated by trusted sources: una...

9.8CVSS7.2AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.3 views

PT-2025-14092 · WordPress · Wp Realestate

Name of the Vulnerable Software and Affected Versions: WP RealEstate plugin versions up to, and including, 1.6.26 Description: The issue is related to insufficient role restrictions in the process register function, allowing unauthenticated attackers to register an account with the Administrator...

9.8CVSS9.4AI score0.00426EPSS
Exploits0References9
Rows per page
Query Builder