Themes Vulnerabilities

Real Estate 7 < 3.5.3 - Unauthenticated Privilege Escalation

Description

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an administrator.

Affects Themes

realestate-7
Fixed in 3.5.3

References

CVE
CVE-2025-39459
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/eb58dd93-3789-46c6-bfca-7866427e077d

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Ananda Dhakal
Verified
No
WPVDB ID
bd01c447-5263-4050-bdfd-e2c90d65c783

Timeline

Publicly Published
2025-04-17 (about 10 months ago)
Added
2025-04-22 (about 10 months ago)
Last Updated
2025-04-22 (about 10 months ago)

Other

Published
Title
Published
2020-01-20
Title
2J SlideShow < 1.3.40 - Authenticated Arbitrary Plugin Deactivation
Published
2023-08-11
Title
Premium Packages - Sell Digital Products Securely < 5.7.5 - Subscriber+ Privilege Escalation
Published
2024-08-07
Title
Woffice < 5.4.12 - Unauthenticated Privilege Escalation
Published
2025-03-07
Title
Javo Core < 3.0.0.266 - Unauthenticated Privilege Escalation in ajax_signup
Published
2024-09-14
Title
Login with phone number < 1.7.50 - Authenticated (Subscriber+) Authorization Bypass to Privilege Escalation