Platform: wordpress
Component: prime-listing-manager
Fixed in: 1.1.1
CVE-2025-14892 is a critical privilege escalation vulnerability affecting the Prime Listing Manager WordPress plugin. This flaw allows an attacker to bypass authentication and gain administrative access, enabling them to perform unauthorized actions on the targeted WordPress site. The vulnerability impacts versions 0 through 1.1, and a fix is pending release from the vendor.
The impact of CVE-2025-14892 is severe. An attacker exploiting this vulnerability can achieve full administrative control over the WordPress site without needing any credentials. This grants them the ability to modify content, install malicious plugins, steal sensitive data (user information, database contents), and potentially compromise the entire server infrastructure. The lack of authentication required makes this vulnerability particularly dangerous, as it can be exploited by anyone with access to the site's URL. This is akin to a complete bypass of security controls, allowing for unrestricted access and manipulation of the website’s functionality and data.
CVE-2025-14892 was published on 2026-02-12. Its CRITICAL CVSS score indicates a high likelihood of exploitation. Public proof-of-concept (PoC) code is likely to emerge quickly, increasing the risk of widespread attacks. Monitor security advisories and threat intelligence feeds for updates on exploitation attempts and potential campaigns targeting vulnerable WordPress sites.
Exploit Status
EPSS: 0.02% (6% percentile)
Due to the lack of a fixed version, immediate mitigation is crucial. The primary recommendation is to temporarily disable the Prime Listing Manager plugin until a patch is released. If disabling is not feasible, consider implementing strict access controls and monitoring for suspicious activity. While a direct workaround is unavailable, implementing a Web Application Firewall (WAF) with rules to block unauthorized access attempts to the plugin's administrative functions can provide a temporary layer of protection. Regularly review WordPress security best practices and ensure all other plugins and themes are up to date to minimize the overall attack surface.
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-14892 is a critical vulnerability in the Prime Listing Manager WordPress plugin that allows attackers to gain administrative access without authentication, enabling unauthorized actions.
If you are using the Prime Listing Manager WordPress plugin in versions 0–1.1, you are potentially affected by this vulnerability. Immediate action is required.
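One way to check a site against the affected range stated above, as an added example that is not part of the original advisory or the plugin's own code: it reads the plugin header under `wp-content/plugins/prime-listing-manager` and flags any declared version up to 1.1. The function names and the constructed sample file name `main.php` are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

SLUG = "prime-listing-manager"   # component name given in the advisory
LAST_AFFECTED = (1, 1)           # advisory: versions 0 through 1.1 are affected
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I)

def parse_version(text):
    """'1.1.0' -> (1, 1). Trailing zeros are dropped so 1.1.0 compares equal to 1.1."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    parts = [int(p) for p in m.group().split(".")] if m else []
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)  # unparseable -> (), which is flagged as affected (fail closed)

def installed_version(wp_root):
    """Return the plugin's declared version string, or None if it is not installed."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress reads plugin headers from the first 8 KB of top-level PHP files.
        head = php.read_bytes()[:8192].decode("utf-8", "replace")
        fields = {}
        for key, value in HEADER_RE.findall(head):
            fields.setdefault(key.lower(), value)
        if "plugin name" in fields:
            return fields.get("version", "")
    return None

def is_affected(wp_root):
    """True when the plugin is present and its version is within 0 through 1.1."""
    version = installed_version(wp_root)
    return version is not None and parse_version(version) <= LAST_AFFECTED

def constructed_site(version):
    """Build a throwaway WordPress-like tree (constructed sample, hypothetical file name)."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "wp-content" / "plugins" / SLUG
    plugin_dir.mkdir(parents=True)
    (plugin_dir / "main.php").write_text(
        f"<?php\n/**\n * Plugin Name: Prime Listing Manager\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    for v in ("1.0.9", "1.1", "1.1.0", "1.1.1", "1.10"):
        print(v, "AFFECTED" if is_affected(constructed_site(v)) else "ok")
```

Versions are compared as integer tuples rather than strings or floats, so 1.10 is correctly treated as newer than 1.1, and a header with no parseable version is reported as affected.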
Currently, there is no fixed version available. The recommended mitigation is to disable the plugin until a patch is released by the vendor. Monitor for updates.
While no active exploitation has been confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts in the near future.
Refer to the Prime Listing Manager plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-14892.