CVE-2025-67968
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| inspiritythemes | real_homes_crm | 1.0.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67968 is an Arbitrary File Upload vulnerability in the WordPress Real Homes CRM Plugin (versions up to 1.0.0). It allows an attacker with subscriber or developer privileges to upload any type of file, including malicious files such as backdoors, to the affected website. These malicious files can then be executed to gain unauthorized access or control over the website. The vulnerability is highly dangerous with a CVSS score of 9.9 and falls under the OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
This vulnerability can lead to severe security breaches including unauthorized access to your website, execution of malicious code, installation of backdoors, and potential full compromise of the affected system. Attackers can exploit this flaw to control the website, steal data, or use the site as a platform for further attacks. It poses a high risk to the integrity and security of your website and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for arbitrary file uploads to the Real Homes CRM plugin on your WordPress site, especially files with dangerous types or unexpected extensions. Since the vulnerability allows uploading malicious backdoors, checking upload directories for suspicious files or unexpected changes can help. Specific commands are not provided in the resource, but typical approaches include scanning upload folders for new or unusual files and reviewing web server logs for suspicious POST requests targeting the plugin's upload functionality. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Real Homes CRM Plugin to version 1.0.1 or later, where the vulnerability is fixed. Until the update can be applied, Patchstack provides a mitigation rule to block attacks targeting this vulnerability. Enabling auto-updates for vulnerable plugins via Patchstack is also recommended to ensure rapid protection. [1]