CVE-2025-2237

Critical CVSS: 9.8

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.

Vendor

Product

CWE

CWE-269

Yayın Tarihi

2025-04-01 12:15:15

Güncelleme

2025-04-01 20:26:11

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-269 CRITICAL 2025

Referanslar

https://themeforest.net/item/homeo-real-estate-wordpress-theme/26372986#item-description__updates-history https://www.wordfence.com/threat-intel/vulnerabilities/id/f6f7bff6-3bc3-4572-97fd-a039d54ac0ff?source=cve