The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all ve

WORDPRESS

10-09-2025 10:44

CVE-2025-7718 Vulnerabilidad documentada

Sin puntuación

Tags

#wordpress

#plugin

#reset

#change

#admin

#add

#attackers

#authenticated

#arbitrary

#vulnerable

#privilege escalation

#privilege

#pass

#password

#attack

#access

Descripción

The Resideo Plugin for - Real Estate WordPress Theme plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This due the not properly validating a user's identity prior updating their details like email. makes it possible authenticated attackers, with Subscriber-level access above, change arbitrary email addresses, including administrators, leverage that reset password gain account.

https://themeforest.net/item/resideo-real-estate-wordpress-theme/27791406

https://www.wordfence.com/threat-intel/vulnerabilities/id/f8375ecf-e64b-4649-9341-fa45bf5556c3?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-7718

Resultados similares

Coincidentes en almenos en 50% de los tags

10-09-2025 CVE-2025-9979
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and pri...
Ver información

10-09-2025 CVE-2025-9888
The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Reques...
Ver información