Description
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through <= 2.5.4.
Published: 2025-03-03
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to modify any option of the Residential Address Detection plugin without proper authorization, granting the ability to assume administrative privileges within the WordPress installation. Missing authorization checks in the plugin’s option handling mean that changing configuration values is effectively a privilege escalation attack, corresponding to CWE-862.

Affected Systems

Eniture Technology’s Residential Address Detection plugin for WordPress, versions up to and including 2.5.4, is affected. Any site still running 2.5.4 or earlier remains at risk.

Risk and Exploitability

The CVSS score of 9.8 classifies the flaw as critical, while the EPSS score of < 1 % indicates a very low current likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. The flaw permits arbitrary modification of plugin options without proper checks, enabling an attacker to elevate privileges, provided they can reach the option interface—most likely through any authenticated user session that has access to the plugin’s settings. No other prerequisites or conditions are documented in the available data.

Generated by OpenCVE AI on May 2, 2026 at 08:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest plugin version (>= 2.5.5),
  • If an update is not immediately possible, disable the plugin entirely or restrict access to its configuration page to administrators only,
  • Audit the site for unauthorized configuration changes and review logs for suspicious activity

Advisories
Source: EUVD
ID: EUVD-2025-5607
Title: Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through 2.5.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through 2.5.4.
Values Added: Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through <= 2.5.4.
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 04 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 03 Mar 2025 13:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in NotFound Residential Address Detection allows Privilege Escalation. This issue affects Residential Address Detection: from n/a through 2.5.4.
Title WordPress Residential Address Detection Plugin <= 2.5.4 - Arbitrary Option Update to Privilege Escalation vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:46.688Z

Reserved: 2025-02-21T16:44:52.128Z

Link: CVE-2025-27270

Vulnrichment

Updated: 2025-03-03T15:54:04.587Z

NVD

Status: Deferred

Published: 2025-03-03T14:15:58.540

Modified: 2026-06-17T09:03:18.807

Link: CVE-2025-27270

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T09:00:11Z

Weaknesses