Resido Real Estate WordPress Theme Missing Authorization Vulnerability in API Key Management

Vulnerability

A vulnerability exists in the Resido - Real Estate WordPress Theme, affecting all versions through 3.6. The issue arises from a lack of proper capability checks on the delete_api_key and save_api_key AJAX actions. This flaw allows unauthenticated attackers to send requests to internal services, potentially manipulating API key information.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in API key settings, allowing attackers to interfere with internal services that rely on these keys.

Remediation

Users are advised to update the theme to version 3.6.1 or a later patched version.
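For developers checking their own AJAX handlers for the same class of flaw, the following added example (not code from the Resido theme or its 3.6.1 patch) shows handlers for the two action names in this advisory with the capability check in place. The function names, nonce action, request field and option name are hypothetical.

```php
<?php
// Added illustration; NOT the Resido theme's code or its patch.
// Function names, nonce action, field name and option name are hypothetical.

// A pattern that produces this class of bug (shown for contrast only):
//   add_action( 'wp_ajax_nopriv_save_api_key', 'example_save_api_key' );
//   function example_save_api_key() {
//       update_option( 'example_api_key', $_POST['api_key'] );
//   }
// The nopriv hook exposes the action to logged-out visitors, and the
// callback never checks who is calling.

// Hardened: register only the authenticated hooks. These still fire for
// ANY logged-in user (including subscribers), so the callbacks must also
// check a capability themselves.
add_action( 'wp_ajax_save_api_key', 'example_save_api_key' );
add_action( 'wp_ajax_delete_api_key', 'example_delete_api_key' );

function example_authorize_api_key_request() {
    // Authorization: only administrators may change API key settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // CSRF protection: the admin page must send a nonce created with
    // wp_create_nonce( 'example_api_key_nonce' ) in the 'nonce' field.
    // check_ajax_referer() ends the request if the nonce is invalid.
    check_ajax_referer( 'example_api_key_nonce', 'nonce' );
}

function example_save_api_key() {
    example_authorize_api_key_request();

    $key = isset( $_POST['api_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
        : '';
    if ( '' === $key ) {
        wp_send_json_error( array( 'message' => 'Missing api_key' ), 400 );
    }

    update_option( 'example_api_key', $key );
    wp_send_json_success();
}

function example_delete_api_key() {
    example_authorize_api_key_request();
    delete_option( 'example_api_key' );
    wp_send_json_success();
}
```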

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.