CVE-2025-1515

Published Mar 5, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-288

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-1515 ⚠️🔴 CRITICAL (9.8) 🏢 Chimpstudio - WP Real Estate Manager 🏗️ * 🔗 https://t.co/khqcAd3Haf 🔗 https://t.co/Fycc4Ryx2S #CyberCron #VulnAlert #InfoSec https://t.co/7BbjerJWNC

    @cybercronai

    5 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References