CVE-2025-2232

The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Configurations

Configuration 1 (hide)

cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*

History

25 Mar 2025, 20:13

Type Values Removed Values Added
References () https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/ - () https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/ - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve - Third Party Advisory
CPE cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*
Summary
  • (es) El complemento Realteo - Real Estate Plugin by Purethemes para WordPress, utilizado por el tema Findeo, es vulnerable a la omisión de autenticación en todas las versiones hasta la 1.2.8 incluida. Esto se debe a restricciones de rol insuficientes en la función "do_register_user". Esto permite que atacantes no autenticados registren una cuenta con el rol de administrador.
First Time Purethemes
Purethemes realteo
CWE NVD-CWE-noinfo

14 Mar 2025, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-14 12:15

Updated : 2025-03-25 20:13


NVD link : CVE-2025-2232

Mitre link : CVE-2025-2232

CVE.ORG link : CVE-2025-2232


JSON object : View

Products Affected

purethemes

  • realteo
CWE
CWE-269

Improper Privilege Management

NVD-CWE-noinfo