Platform
wordpress
Component
realteo
Fixed in
1.2.9
CVE-2025-2232 is a critical authentication bypass vulnerability in the Realteo - Real Estate Plugin for WordPress. It allows unauthenticated attackers to register new user accounts with Administrator privileges, giving them complete control over the WordPress site. All plugin versions up to and including 1.2.8 (listed as 0 through 1.2.8) are affected; the vendor fixed the issue in version 1.2.9.
The impact of this vulnerability is severe. An attacker exploiting CVE-2025-2232 can bypass authentication entirely and create an administrator account. This grants them unrestricted access to the WordPress site, including the ability to modify content, install malicious plugins, steal sensitive data (user credentials, customer information, financial details), and potentially compromise the entire server. The ease of exploitation, requiring no prior authentication, significantly increases the risk. This vulnerability shares similarities with other WordPress privilege escalation flaws where improper role assignment leads to unauthorized access.
CVE-2025-2232 was publicly disclosed on March 14, 2025. While no active exploitation campaigns have been definitively confirmed, the CRITICAL severity and ease of exploitation make it a high-priority target. A public proof-of-concept is likely to emerge, increasing the risk of widespread exploitation. The vulnerability is not currently listed on the CISA KEV catalog.
Websites utilizing the Realteo - Real Estate Plugin, particularly those running older, unpatched versions (0–1.2.8), are at significant risk. Shared hosting environments where multiple websites share the same server are also at increased risk, as a compromise of one site could potentially lead to the compromise of others. Sites relying on the Findeo Theme, which integrates with the plugin, are also affected.
Checks (wordpress / composer / npm):
• wp plugin list --status=active | grep -i realteo   (the plugin slug appears in lowercase in this output)
• wp plugin status realteo-real-estate-plugin   (use the slug reported by the previous command)
• wp plugin update --all
• wp option get admin_email   (confirm the site's administrative contact address has not been changed)
• wp user list --role=administrator --fields=ID,user_login,user_registered   (look for administrator accounts you did not create)
Exploit status
EPSS
0.88% (75th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the Realteo - Real Estate Plugin to version 1.2.9 or later immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, apply temporary workarounds: restrict access to the plugin's user registration pages with a WordPress firewall (WAF) or security plugin, and monitor WordPress logs for suspicious registration attempts. Checking WordPress core's own settings (disable open registration via the `users_can_register` option if the site does not need it, and confirm that `default_role` is `subscriber`) is a useful baseline but not a fix on its own, because the flaw lies in the plugin's registration flow, which is what assigns the elevated role. After upgrading, verify the fix by registering a test account through the plugin's registration form while logged out and confirming that it either fails or receives only the default, non-privileged role. Then audit the administrator list for accounts you did not create: an attacker who exploited the flaw before the upgrade keeps the account they made, and patching does not remove it.
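The following script is an added example, not code from the advisory, the plugin or Purethemes. It automates the checks from the command list above and the verification step in the mitigation paragraph: it reads the JSON that WP-CLI prints (the commands are named in the docstring), flags a Realteo install below 1.2.9, lists administrator accounts that the operator does not recognise or that were registered on or after the disclosure date, and checks the core registration settings as a baseline. The plugin slug set, the known-administrator list and the SAMPLE_* data are assumptions constructed for the example.

```python
"""Audit WP-CLI output for CVE-2025-2232 exposure (added example, not advisory code).

Feed it the output of these commands, run on the site host:
  wp plugin list --format=json
  wp user list --role=administrator --fields=ID,user_login,user_registered --format=json
  wp option get users_can_register
  wp option get default_role
The SAMPLE_* values below are constructed for this example.
"""
import json
from datetime import datetime

FIXED_VERSION = (1, 2, 9)            # advisory: fixed in 1.2.9
DISCLOSURE = datetime(2025, 3, 14)   # advisory: public disclosure date
# Assumption: the plugin directory is named by one of these slugs.
PLUGIN_SLUGS = {"realteo", "realteo-real-estate-plugin"}
PRIVILEGED_ROLES = {"administrator", "editor"}


def parse_version(version):
    """'1.2.8' -> (1, 2, 8). Parsing stops at the first non-numeric part,
    so '1.2.9-beta' becomes (1, 2) and is treated as vulnerable (conservative)."""
    parts = []
    for part in version.split("."):
        if not part.isdigit():
            break
        parts.append(int(part))
    return tuple(parts)


def is_vulnerable(version):
    """Every release below 1.2.9 (the advisory's '0 through 1.2.8') is affected."""
    return parse_version(version) < FIXED_VERSION


def find_vulnerable_plugins(plugin_list_json):
    """(slug, version, status) for affected Realteo installs. An inactive copy
    still matters: it can be re-activated and its files remain on disk."""
    return [
        (p["name"], p["version"], p["status"])
        for p in json.loads(plugin_list_json)
        if p["name"] in PLUGIN_SLUGS and is_vulnerable(p["version"])
    ]


def suspicious_admins(user_list_json, known_admins, since=DISCLOSURE):
    """Administrator logins the operator does not recognise, or that were
    registered on or after the disclosure date (the exploitation window)."""
    flagged = []
    for user in json.loads(user_list_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if user["user_login"] not in known_admins or registered >= since:
            flagged.append(user["user_login"])
    return flagged


def registration_settings_ok(users_can_register, default_role):
    """Baseline check only: WordPress core must not hand self-registered users
    a privileged role. This does not block the plugin's own registration flow,
    which is what the vulnerability abuses."""
    open_registration = users_can_register.strip() == "1"
    return not (open_registration and default_role.strip() in PRIVILEGED_ROLES)


# Constructed sample data shaped like the WP-CLI JSON output named above.
SAMPLE_PLUGINS = json.dumps([
    {"name": "realteo", "status": "active", "update": "available", "version": "1.2.8"},
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3.1"},
])
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2021-06-02 09:14:00"},
    {"ID": 57, "user_login": "wp_support", "user_registered": "2025-03-20 03:41:12"},
])


if __name__ == "__main__":
    for slug, version, status in find_vulnerable_plugins(SAMPLE_PLUGINS):
        print(f"VULNERABLE: {slug} {version} ({status}) -> upgrade to 1.2.9 or later")
    for login in suspicious_admins(SAMPLE_ADMINS, known_admins={"siteowner"}):
        print(f"REVIEW: unexpected administrator account '{login}'")
    if not registration_settings_ok("1", "subscriber"):
        print("HARDEN: open registration with a privileged default role")
```

On a real site, pipe each WP-CLI command's output into the corresponding function instead of the SAMPLE_* strings, and replace `known_admins` with the list of administrators you actually provisioned. The `suspicious_admins` result is the one to act on after patching, since the upgrade does not remove accounts an attacker already created.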
Update the Realteo plugin to a fixed version. Check the Purethemes website or the WordPress repository for the latest available version that fixes the authentication-bypass vulnerability. Make sure you take a full backup of the site before updating.
CVE-2025-2232 is a CRITICAL vulnerability in the Realteo - Real Estate Plugin for WordPress allowing unauthenticated attackers to create administrator accounts, gaining full control of the site.
If you are using the Realteo - Real Estate Plugin for WordPress in versions 0 through 1.2.8, you are affected by this vulnerability. Check your plugin versions immediately.
The recommended fix is to immediately upgrade the Realteo - Real Estate Plugin to the latest patched version available from the vendor. If upgrading is not possible, implement temporary role-based access controls.
While no active campaigns have been confirmed, the vulnerability is considered high-priority and public proof-of-concept code is likely to emerge, increasing the risk of exploitation.
Refer to the Purethemes website and WordPress plugin repository for the latest advisory and patched version of the Realteo - Real Estate Plugin.