Vulnerabilities

CVE-2025-11985 - Realty Portal <= 0.4.1 - missing authorization to authenticated (subscriber+) ar...

2025-11-21 2 views admin

CVE ID : CVE-2025-11985 Published : Nov. 21, 2025, 8:15 a.m. | 1 hour, 11 minutes ago Description : The Realty Portal plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'rp_save_property_settings' function in versions 0.1 to 0.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-11985

Severity

HIGH

Published

Nov. 21, 2025

Affected Product: WordPress

Impact: privilege escalation

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-11985highwordpress

CVE-2025-11985 - Realty Portal <= 0.4.1 - missing authorization to authenticated (subscriber+) ar...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2026-3134 - itsourcecode News Portal Project edit-category.php sql injection

CVE-2026-3133 - itsourcecode Document Management System Login loging.php sql injection

CVE-2025-46320 - FileMaker WebDirect Cross-Site Scripting (XSS)

CVE-2026-21410 - InSAT MasterSCADA BUK-TS SQL Injection

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting