vulnerability

WordPress Theme: realhomes: CVE-2025-4601: Improper Privilege Management

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Jun 9, 2025	Dec 8, 2025	Dec 8, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Jun 9, 2025

Added

Dec 8, 2025

Modified

Dec 8, 2025

Description

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.

Solution

realhomes-theme-cve-2025-4601

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-4601
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/a816e5a8-2494-4bcf-869d-5214b21f7791?source=api-prod
CVE-2025-4601
https://attackerkb.com/topics/CVE-2025-4601
CWE-269

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today