- Description
- The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com: CWE-269
- nvd@nist.gov: NVD-CWE-noinfo
- Hype score
- Not currently trending
🚨 CVE-2025-2232 ⚠️🔴 CRITICAL (9.8) 🏢 PureThemes - Realteo 🏗️ * 🔗 https://t.co/pWWHYbYaoA 🔗 https://t.co/Qck5tRi7Ck #CyberCron #VulnAlert #InfoSec https://t.co/FKjtzRTiA4
@cybercronai
14 Mar 2025
[CVE-2025-2232: CRITICAL] WordPress Realteo Real Estate Plugin by Purethemes has an authentication bypass vulnerability allowing unauthenticated attackers to register an account with Administrator rights. Upgrade ...#cybersecurity,#vulnerability https://t.co/ODOcBvzoB7 https://t.
@CveFindCom
14 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65F80A73-B8EA-48BF-81FC-4F4A14E994A6",
            "versionEndExcluding": "1.2.9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]