- Description
- The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
๐จ CVE-2025-2891 ๐ด HIGH (8.8) ๐ข contempoinc - Real Estate 7 WordPress ๐๏ธ * ๐ https://t.co/RW29LyC0cJ ๐ https://t.co/x1a8v8HmAx #CyberCron #VulnAlert #InfoSec https://t.co/WsNOPdVIW6
@cybercronai
1 Apr 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-2891 | contempoinc Real Estate 7 WordPress Plugin up to 3.5.4 on WordPress template-submit-listing.php unrestricted upload) has been published on https://t.co/t1JUnrCbvP
@WolfgangSesin
1 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๏ฟฝ๏ฟฝ CVE-2025-2891 - WordPress - HIGH ๐จ ๐๏ธ Date published 2025-04-01 08:15:15 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/YJDeaGQEJf
@vulns_space
1 Apr 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes