- Description
- The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-269
- Hype score
- Not currently trending
๐จ CVE-2025-2237 โ ๏ธ๐ด CRITICAL (9.8) ๐ข ApusThemes - WP RealEstate ๐๏ธ * ๐ https://t.co/4pOaFxRNsx ๐ https://t.co/T2ficEqnj7 #CyberCron #VulnAlert #InfoSec https://t.co/6ccpXAduUe
@cybercronai
1 Apr 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๏ฟฝ๏ฟฝ CVE-2025-2237 - WordPress - HIGH ๐จ ๐๏ธ Date published 2025-04-01 12:15:15 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/fqlQlUsEsl
@vulns_space
1 Apr 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2237: CRITICAL] WordPress RealEstate plugin in Homeo theme has a critical vulnerability (up to v1.6.26) allowing attackers to bypass authentication & gain admin access due to role restrictions issue.#cybersecurity,#vulnerability https://t.co/Fc4xnLXSsl https://t.co/
@CveFindCom
1 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes