Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2025-2232

Опубликовано: 14 мар. 2025
Источник: nvd
CVSS3: 9.8
EPSS Низкий

Описание

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*
Версия до 1.2.9 (исключая)

EPSS

Процентиль: 71%
0.00669
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-269
NVD-CWE-noinfo

Связанные уязвимости

github логотип

GHSA-cghv-p6j4-5ch6

CVSS3: 9.8
github
11 месяцев назад

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.

EPSS

Процентиль: 71%
0.00669
Низкий

9.8 Critical

CVSS3

Дефекты

CWE-269
NVD-CWE-noinfo