CVE-2025-2891 - Vulnerability Details

- WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload

Description

The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.

Published: 2025-04-01

Score: 8.8 High

EPSS: 1.5% Low

KEV: No

Impact:

Action:

Analysis

Impact

The Real Estate 7 WordPress theme contains a flaw that allows authenticated users with Seller-level access and higher to upload any file type through the template-submit-listing.php script. The lack of file type validation means that attackers can place executable code on the server, and if front‑end listing submission is enabled, the uploaded file can be executed, giving the attacker full control of the site.

Affected Systems

The vulnerability affects all instances of the Real Estate 7 theme for WordPress up to and including version 3.5.4. WordPress sites running this theme and employing Seller‑level users are impacted. The affected product is identified by the CNA as "contempo inc:Real Estate 7 WordPress".

Risk and Exploitability

The CVSS score of 8.8 identifies high severity. The EPSS score of 2% indicates that exploitation, while still relatively low probability, is plausible. The vulnerability is not listed in CISA’s KEV catalog, but the combination of high CVSS and an authenticated upload vector suggests meaningful risk, especially when listing submission is enabled.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

contempoinc

Real Estate 7 WordPress

unaffected

Version	Status	Constraints
`0`	affected	≤ 3.5.4

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the Real Estate 7 theme to the latest version (3.5.5 or newer) as documented in the theme’s changelog.
If an upgrade cannot be performed immediately, disable front‑end listing submission or configure the site to only allow uploads of safe file types by enforcing a whitelist and rejecting disallowed MIME types.
Apply server‑side file‑type validation and disable PHP execution for uploaded files, for example by setting appropriate permissions or using a security plugin to monitor upload activity.

Generated by OpenCVE AI on May 12, 2026 at 14:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-9325	The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01543.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://contempothemes.com/changelog/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve

History

Tue, 01 Apr 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 01 Apr 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.
Title		WP Pro Real Estate 7 <= 3.5.4 - Authenticated (Custom) Arbitrary File Upload
Weaknesses		CWE-434
References		https://contempothemes.com/changelog/ https://www.wordfence.com/threat-intel/vulnerabilities/id/5c83457d-ba06-43c5-acdd-77dbfb0d4af4?source=cve
Metrics		cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-04-01T07:29:12.911Z

Updated: 2026-04-08T16:55:37.998Z

Reserved: 2025-03-27T22:33:54.107Z

Link: CVE-2025-2891

Vulnrichment

Updated: 2025-04-01T13:57:25.920Z

NVD

Status : Deferred

Published: 2025-04-01T08:15:15.120

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-2891

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T14:45:17Z

Weaknesses

CWE-434

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object