Primary

Context

RH Real Estate WordPress Theme Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability exists in the RH - Real Estate WordPress Theme, affecting all versions through 4.4.0. The issue arises because the theme's inspiry_update_profile() function does not properly manage user role permissions. This flaw allows authenticated users with subscriber-level access or higher to elevate their roles to administrator. While version 4.4.0 addressed part of this vulnerability, it was not until version 4.4.1 that a complete fix was implemented.

Impact

Exploitation of this vulnerability allows authenticated users with subscriber-level access and above to gain administrator privileges, potentially leading to unauthorized changes and access within the WordPress site.

Remediation

Users are advised to update the RH - Real Estate WordPress Theme to version 4.4.1 or later.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RH Real Estate WordPress Theme Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating