Primary

Context

WP RealEstate Plugin Authentication Bypass Vulnerability in WordPress

Vulnerability

A vulnerability allowing authentication bypass has been identified in the WP RealEstate plugin for WordPress, specifically in versions through 1.6.26. This issue arises from inadequate role restrictions in the 'process_register' function, enabling unauthenticated attackers to register accounts with Administrator privileges.

Impact

Exploitation of this vulnerability allows unauthenticated users to gain Administrator roles on the WordPress site.

Remediation

Users can update to version 1.6.27 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WP RealEstate Plugin Authentication Bypass Vulnerability in WordPress

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating