Description
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Published: 2025-06-10
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The RH – Real Estate WordPress Theme is vulnerable to a privilege escalation flaw that allows authenticated users with subscriber-level access and higher to elevate their own role to administrator by abusing the inspiry_update_profile() function. The issue occurs because the theme fails to restrict which user roles can be updated, enabling a user to set their role to administrator. This flaw is classified as CWE‑269 and can compromise confidentiality, integrity, and availability of the WordPress site if an attacker gains administrator privileges. A partial fix was included in version 4.4.0, but the vulnerability is fully addressed only in 4.4.1.

Affected Systems

The affected product is RH – Real Estate WordPress Theme by InspiryThemes. All releases up to and including version 4.4.0 are impacted. Versions 4.4.1 and newer contain a full patch that removes the ability for non-admin users to change roles through the profile update function.

Risk and Exploitability

The vulnerability carries a CVSS score of 8.8, indicating a high severity. The EPSS score is less than 1%, suggesting a low probability of real‑world exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is the theme’s profile update endpoint that is accessible to any logged‑in user; an attacker needs only authenticate at subscriber level or higher to manipulate their own role. While no confirmed exploits exist, the high impact of achieving administrator rights warrants immediate attention.

Generated by OpenCVE AI on April 20, 2026 at 22:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RH – Real Estate WordPress Theme to version 4.4.1 or later, which removes the vulnerability.
  • If an immediate upgrade is not possible, insert a role check in the interfacing code so that only users with administrator capability can modify roles via inspiry_update_profile(), effectively blocking subscriber and lower roles.
  • Audit the WordPress user role table and site logs for unauthorized role assignments and revoke any accounts that have gained administrator privileges without legitimate authorization.

Generated by OpenCVE AI on April 20, 2026 at 22:34 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17621 The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
History

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0005}

 epss

{'score': 0.00051}

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00044}

 epss

{'score': 0.0005}

Tue, 10 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Jun 2025 04:00:00 +0000

Type Values Removed Values Added
Description The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.
Title RH - Real Estate WordPress Theme <= 4.4.0 - Authenticated (Subscriber+) Privilege Escalation
Weaknesses CWE-269
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:13:49.609Z

Reserved: 2025-05-12T17:44:22.374Z

Link: CVE-2025-4601

cve-icon Vulnrichment

Updated: 2025-06-10T14:10:09.978Z

cve-icon NVD

Status : Deferred

Published: 2025-06-10T04:15:49.113

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-4601

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T22:45:20Z

Weaknesses