Description
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Published: 2025-04-01
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The WP RealEstate WordPress plugin version 1.6.26 or earlier contains an uncontrolled privilege escalation flaw in the "process_register" function. Unauthenticated users can submit a registration request that is processed without proper role checks, creating a new account assigned the Administrator role. This flaw allows a malicious actor to gain full administrative access to the entire site, including content management, plugin configuration, and user data, without any authentication prerequisite.

Affected Systems

ApusThemes WP RealEstate plugin used by the Homeo theme is affected. All plugin versions up to and including 1.6.26 are vulnerable. No other product versions are known to be impacted.

Risk and Exploitability

The CVSS score of 9.8 reflects the catastrophic impact of the vulnerability. The EPSS score of less than 1% indicates that publicly known exploitation is currently rare, but the absence of the vulnerability from CISA's KEV catalog does not mitigate the risk. An attacker can exploit the flaw via a standard HTTP request to the process_register endpoint, with no prerequisite credentials. Because the exploit creates an administrator account, the entire site can be fully compromised once this vulnerability is leveraged.

Generated by OpenCVE AI on April 20, 2026 at 23:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the 'WP RealEstate' plugin to the latest release (1.6.27 or newer) to eliminate the privilege escalation flaw.
  • If an immediate update is not possible, uninstall the plugin to remove the vulnerable functionality.
  • Implement a WAF rule or security plugin setting to block unauthenticated access to the registration endpoint and enforce Subscriber as the default role.

Generated by OpenCVE AI on April 20, 2026 at 23:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9319 The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
History

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Title WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register' WP RealEstate <= 1.6.26 - Unauthenticated Privilege Escalation via 'process_register'

Tue, 01 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 11:30:00 +0000

Type Values Removed Values Added
Description The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
Title WP RealEstate <= 1.6.26 - Authentication Bypass via 'process_register'
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:33:41.122Z

Reserved: 2025-03-11T23:17:09.318Z

Link: CVE-2025-2237

cve-icon Vulnrichment

Updated: 2025-04-01T13:30:48.444Z

cve-icon NVD

Status : Deferred

Published: 2025-04-01T12:15:15.420

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-2237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:30:16Z

Weaknesses