Prime Listing Manager

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.

AI Analysis

Unauthenticated privilege escalation due to hardcoded secret in Prime Listing Manager WordPress plugin

Basic Information

ID CVE-2025-14892

Source WPScan

Published Feb 12, 2026 at 06:00

Modified Feb 12, 2026 at 14:27

Affected Product

Vendor Unknown

Product Prime Listing Manager

Affected Versions Unknown Prime Listing Manager 0

CWE Classification

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor Unknown

Product Prime Listing Manager

Version 1.1

References

wpscan.com /vulnerability/d12332ec-1d0c-4ff5-94e0-7c4470bdb79c/

{
    "lastseen": "",
    "description": "The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.",
    "published": "2026-02-12T06:00:05.732Z",
    "modified": "2026-02-12T14:27:04.380Z",
    "type": "cve",
    "title": "Prime Listing Manager <= 1.1 - Unauthenticated Privilege Escalation",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/d12332ec-1d0c-4ff5-94e0-7c4470bdb79c/",
    "id": "CVE-2025-14892",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Prime Listing Manager 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Prime Listing Manager",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated privilege escalation due to hardcoded secret in Prime Listing Manager WordPress plugin",
    "ai_severity": "Critical",
    "ai_vendor": "Unknown",
    "ai_product": "Prime Listing Manager",
    "ai_version": "1.1",
    "ai_score": 9.8
}

Prime Listing Manager <= 1.1 - Unauthenticated Privilege Escalation_CVE-2025-14892