Platform: wordpress
Component: prime-listing-manager
Fixed in: 1.1.1
CVE-2025-14892 is a critical privilege escalation vulnerability affecting the Prime Listing Manager WordPress plugin. This flaw allows an attacker to bypass authentication and gain administrative access, enabling them to perform unauthorized actions on the targeted WordPress site. The vulnerability impacts versions 0 through 1.1, and a fix is pending release from the vendor.
The impact of CVE-2025-14892 is severe. An attacker exploiting this vulnerability can gain complete control over a WordPress site without needing any user credentials. This includes the ability to modify content, install malicious plugins, steal sensitive data (user information, database contents), and potentially pivot to other systems on the network. The hardcoded secret provides a simple and direct path to administrative privileges, making exploitation relatively straightforward. This vulnerability is akin to a 'backdoor' allowing unauthorized access.
CVE-2025-14892 was publicly disclosed on 2026-02-12. No public proof-of-concept (PoC) code has been released at the time of writing, but the simplicity of the vulnerability suggests that a PoC is likely to emerge. It is not currently listed on CISA KEV. Active exploitation is not yet confirmed, but the ease of exploitation makes it a high-priority target.
Exploit status
EPSS
0.02% (6% percentile)
CVSS vector
The primary mitigation for CVE-2025-14892 is to immediately upgrade the Prime Listing Manager plugin to a version that addresses the hardcoded secret. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. While a WAF might offer some protection, it's unlikely to be effective against this specific vulnerability due to the nature of the hardcoded secret. There are no specific Sigma or YARA rules readily available for this vulnerability, but monitoring plugin file integrity is recommended.
No known patch available. Please review the details of the vulnerability and implement protective measures based on your organization's risk tolerance. It may be best to uninstall the affected software and find an alternative.
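The affected range (versions 0 through 1.1) and the file-integrity recommendation above can be checked together on a host. The following is an added example, not code from the vendor or from this advisory: it reads the plugin's `Version:` header from disk, flags affected installs, and lists files that differ from a saved SHA-256 baseline. The sample tree and the main file name `prime-listing-manager.php` are constructed assumptions.

```python
import hashlib, re, tempfile
from pathlib import Path

SLUG = "prime-listing-manager"   # component name from the advisory
LAST_AFFECTED = (1, 1)           # advisory: versions 0 through 1.1 are affected

def version_tuple(text):
    """'1.1.0' -> (1, 1): numeric parts, trailing zeros dropped."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def installed_version(plugin_dir):
    """Return the Version header from the top-level PHP file carrying 'Plugin Name:'."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        found = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M)
        if "Plugin Name:" in head and found:
            return found.group(1)
    return None

def manifest(plugin_dir):
    """SHA-256 of every file in the plugin, keyed by relative path."""
    return {f.relative_to(plugin_dir).as_posix(): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in sorted(plugin_dir.rglob("*")) if f.is_file()}

def audit(wp_root, baseline=None):
    """Report install state, affected status and files that differ from a saved baseline."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return {"installed": False, "affected": False, "changed": []}
    version, now, old = installed_version(plugin_dir), manifest(plugin_dir), baseline or {}
    changed = sorted(p for p in now.keys() | old.keys() if now.get(p) != old.get(p))
    # An unreadable version is reported as affected rather than assumed safe.
    affected = version is None or version_tuple(version) <= LAST_AFFECTED
    return {"installed": True, "version": version, "affected": affected,
            "changed": changed if baseline is not None else []}

def make_sample(version):
    """Constructed test tree; the main file name is an assumption, not from the advisory."""
    root = Path(tempfile.mkdtemp())
    plugin = root / "wp-content" / "plugins" / SLUG
    plugin.mkdir(parents=True)
    (plugin / "prime-listing-manager.php").write_text(
        f"<?php\n/*\n * Plugin Name: Prime Listing Manager\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    print(audit(make_sample("1.1")))
```

Store the output of `manifest()` off the web host, since a baseline kept beside the plugin can be rewritten by whoever alters the files.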
CVE-2025-14892 is a critical vulnerability in the Prime Listing Manager WordPress plugin that allows attackers to gain administrative access without authentication, enabling unauthorized actions.
If you are using the Prime Listing Manager WordPress plugin in versions 0–1.1, you are potentially affected by this vulnerability. Immediate action is required.
Currently, there is no fixed version available. The recommended mitigation is to disable the plugin until a patch is released by the vendor. Monitor for updates.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts in the near future.
Refer to the Prime Listing Manager plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-14892.