CVE-2025-69192
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-26

Assigner: Patchstack

Description
Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69192
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69192 is a Broken Access Control vulnerability in the WordPress Real Estate Pro plugin (up to version 2.1.5). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing unauthenticated users to perform actions that should require higher privileges. This means attackers can exploit the plugin without logging in to carry out unauthorized actions. [1]

Impact Analysis

This vulnerability can have a significant impact by allowing attackers to bypass access controls and perform privileged actions without authentication. This can lead to unauthorized changes, data exposure, or other malicious activities on websites using the affected plugin. Because it requires no prior authentication, it poses a high risk and can be exploited easily, potentially compromising the security and integrity of the affected site. [1]

Mitigation Strategies

Apply the mitigation rule developed and issued by Patchstack to block attacks exploiting this vulnerability until an official patch is released. Users are strongly advised to implement this mitigation immediately to protect their websites. Additionally, maintain rapid vulnerability mitigation and continuous security monitoring to safeguard your WordPress site against exploitation of this flaw. [1]

Detection Guidance

The provided resources do not include specific commands or detailed detection methods for identifying this vulnerability on your network or system. However, since the vulnerability involves missing authorization checks in the Real Estate Pro WordPress plugin (up to version 2.1.5), detection typically involves monitoring for unauthorized access attempts or unusual activity targeting plugin endpoints. Patchstack has issued a mitigation rule to block exploitation attempts, which implies that using their security tools or firewall rules could help detect or prevent attacks. For precise detection commands or scripts, you may need to consult additional security advisories or tools specialized in WordPress plugin vulnerability scanning. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69192. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart