CVE-2025-6190
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-25
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nootheme | realty_portal_agent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Realty Portal β Agent plugin for WordPress versions 0.1.0 through 0.3.9. It is a privilege escalation issue caused by missing authorization checks in the rp_user_profile() AJAX handler. The handler accepts meta key and value pairs from user input and passes them directly to update_user_meta() without restricting which keys can be updated. As a result, authenticated users with Subscriber-level access or higher can overwrite the wp_capabilities meta key and escalate their privileges to administrator.
How can this vulnerability impact me? :
An attacker with at least Subscriber-level access can exploit this vulnerability to escalate their privileges to administrator. This means they can gain full control over the WordPress site, potentially allowing them to modify content, install malicious plugins, steal data, or disrupt site operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Realty Portal β Agent plugin for WordPress to a version later than 0.3.9 where the authorization check in the rp_user_profile() AJAX handler is properly implemented. Additionally, restrict access to the AJAX handler to trusted roles only and monitor user roles for unauthorized changes, especially the wp_capabilities meta key.