Realty Portal

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.

Basic Information

ID CVE-2025-11985

Source Wordfence

Published Nov 21, 2025 at 07:31

Affected Product

Vendor nootheme

Product Realty Portal

Version 0.1

Affected Versions nootheme Realty Portal 0.1

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.",
    "published": "2025-11-21T07:31:58.426Z",
    "modified": "2025-11-21T07:31:58.426Z",
    "type": "cve",
    "title": "Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e8263908-95b3-4b72-a9de-a982618eba2c?source=cve\nhttps://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/property/process/ajax-save-property-setting.php#L189\nhttps://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/property/process/ajax-save-property-setting.php#L198\nhttps://plugins.trac.wordpress.org/browser/realty-portal/tags/0.1/includes/functions/enqueue.php#L224\nhttps://cwe.mitre.org/data/definitions/862.html\nhttps://developer.wordpress.org/reference/functions/current_user_can/",
    "id": "CVE-2025-11985",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "nootheme Realty Portal 0.1",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Realty Portal",
    "version": "0.1",
    "vendor": "nootheme",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Realty Portal <= 0.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update_CVE-2025-11985