Description
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Published: 2025-06-10
Score: 8.8 High
EPSS: 4.2% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The RH – Real Estate WordPress Theme contains a privilege escalation flaw that allows any authenticated user with subscriber permissions or higher to change their own role through the theme’s profile update feature. Specifically, the inspiry_update_profile() function does not restrict the roles that can be set, enabling a user to promote themselves to administrator. The flaw is classified as CWE‑269 and provides an attacker with full administrative capabilities on the WordPress site.

Affected Systems

The affected product is the RH – Real Estate WordPress Theme by InspiryThemes. All releases up to and including version 4.4.0 are vulnerable; version 4.4.1 and newer contain a full patch that removes the ability for non-administrative users to change roles via the profile update function.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating high severity. The EPSS score of 4% suggests a low probability of exploitation at present, and it is not listed in the CISA KEV catalog. The likely attack vector is the theme’s profile update endpoint, which is accessible to any logged‑in user. An attacker only needs to be authenticated at subscriber level or higher to elevate their privileges. While no public exploits are reported, the impact of gaining administrator rights warrants prompt remediation.

Generated by OpenCVE AI on June 18, 2026 at 06:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the RH – Real Estate WordPress Theme to version 4.4.1 or newer, which eliminates the role‑change vulnerability.
  • If an upgrade cannot be performed immediately, modify the theme’s code to add a role check in inspiry_update_profile(), allowing only users with administrator capability to modify roles.
  • Review the WordPress user database and site logs for any accounts that have been unexpectedly granted administrator privileges, and remove or re‑revoke those permissions.

Generated by OpenCVE AI on June 18, 2026 at 06:55 UTC.
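As an added illustration of the interim code change recommended above (this is hypothetical example code, not the theme's inspiry_update_profile() implementation, which the record does not show; function, action and form-field names are assumed), a WordPress profile-update handler that honours a submitted role only when the requester may promote users and the requested role is one WordPress lets that requester assign:

```php
<?php
/**
 * Added example: a hypothetical profile-update handler carrying the role
 * check recommended above. Names are assumed; this is not the theme's code.
 */
function example_update_profile_handler() {
    // Only logged-in users may reach the handler at all.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'not_logged_in', 401 );
    }
    // Reject forged requests: the form must carry a valid nonce.
    check_ajax_referer( 'example_update_profile', 'nonce' );

    $current  = wp_get_current_user();
    $userdata = array( 'ID' => $current->ID );

    if ( isset( $_POST['display_name'] ) ) {
        $userdata['display_name'] = sanitize_text_field( wp_unslash( $_POST['display_name'] ) );
    }

    // The CWE-269 pattern is copying $_POST['role'] straight into the update.
    // Here the role changes only when the caller holds 'promote_users' AND the
    // requested role is among the roles that caller is allowed to assign.
    if ( isset( $_POST['role'] ) ) {
        if ( ! function_exists( 'get_editable_roles' ) ) {
            require_once ABSPATH . 'wp-admin/includes/user.php'; // front-end requests
        }
        $requested = sanitize_key( wp_unslash( $_POST['role'] ) );
        if ( current_user_can( 'promote_users' ) && array_key_exists( $requested, get_editable_roles() ) ) {
            $userdata['role'] = $requested;
        } else {
            // Drop the field and leave a trace so defenders can spot attempts.
            error_log( sprintf( 'Ignored role change to "%s" requested by user %d', $requested, $current->ID ) );
        }
    }

    $result = wp_update_user( $userdata );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( 'profile_updated' );
}
add_action( 'wp_ajax_example_update_profile', 'example_update_profile_handler' );
```

For the review step in the third bullet, the logged "Ignored role change" lines are the signal to look for alongside any unexpected administrator accounts in the users table.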

Advisories

Source: EUVD
ID: EUVD-2025-17621
Title: The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.

History

Wed, 16 Jul 2025 13:45:00 +0000
  Type: Metrics
  Values Removed: epss {'score': 0.0005}
  Values Added: epss {'score': 0.00051}

Sat, 12 Jul 2025 13:45:00 +0000
  Type: Metrics
  Values Removed: epss {'score': 0.00044}
  Values Added: epss {'score': 0.0005}

Tue, 10 Jun 2025 15:15:00 +0000
  Type: Metrics
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Jun 2025 04:00:00 +0000
  Type: Description
  Values Added: The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
  Type: Title
  Values Added: RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation
  Type: Weaknesses
  Values Added: CWE-269
  Type: References
  Type: Metrics
  Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:13:49.609Z

Reserved: 2025-05-12T17:44:22.374Z

Link: CVE-2025-4601

Vulnrichment

Updated: 2025-06-10T14:10:09.978Z

NVD

Status: Deferred

Published: 2025-06-10T04:15:49.113

Modified: 2026-06-17T09:33:36.343

Link: CVE-2025-4601

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T07:00:16Z

Weaknesses
  • CWE-269: Improper Privilege Management