{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2232", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-11T22:28:58.175Z", "datePublished": "2025-03-14T11:15:52.827Z", "dateUpdated": "2026-04-08T17:14:44.752Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:44.752Z"}, "affected": [{"vendor": "PureThemes", "product": "Realteo", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role."}], "title": "Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve"}, {"url": "https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-03-13T22:09:34.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-14T12:39:37.845357Z", "id": "CVE-2025-2232", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T12:42:27.868Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2232", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-14T12:39:37.845357Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-14T12:42:23.992Z"}}], "cna": {"title": "Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "PureThemes", "product": "Realteo", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.8"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-13T22:09:34.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve"}, {"url": "https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/"}], "descriptions": [{"lang": "en", "value": "The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:14:44.752Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2232", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:14:44.752Z", "dateReserved": "2025-03-11T22:28:58.175Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-14T11:15:52.827Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:purethemes:realteo:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "65F80A73-B8EA-48BF-81FC-4F4A14E994A6", "versionEndExcluding": "1.2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role."}, {"lang": "es", "value": "El complemento Realteo - Real Estate Plugin by Purethemes para WordPress, utilizado por el tema Findeo, es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en todas las versiones hasta la 1.2.8 incluida. Esto se debe a restricciones de rol insuficientes en la funci\u00f3n \"do_register_user\". Esto permite que atacantes no autenticados registren una cuenta con el rol de administrador."}], "id": "CVE-2025-2232", "lastModified": "2025-03-25T20:13:28.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-14T12:15:14.887", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:34:02.370418+00:00", "value": {"mitigation_remediation": ["Upgrade the Realteo plugin to the latest version, which removes the role\u2011by\u2011user functionality or corrects the role assignment logic.", "If an upgrade is not immediately possible, limit access to the registration endpoint by firewall rules or by disabling public registration in WordPress settings, then manually set new user roles to non\u2011admin.", "Continuously monitor the WordPress user database for newly created Administrator accounts and audit any unexpected changes to user roles."], "summary": {"action": "Apply Patch", "impact": "Authentication Bypass"}, "threat_synthesis": {"affected_systems": "Users of the PureThemes Realteo plugin, version 1.2.8 or earlier, on WordPress installations that employ the Findeo theme, are susceptible. The plugin\u2019s role handling flaw exists across all affected releases, with no service or environment constraints documented.", "description_and_impact": "The Realteo plugin for WordPress allows any unauthenticated user to register an account with Administrator privileges because the do_register_user function does not restrict role assignment. The vulnerability is a classic authentication bypass that gives a malicious actor full site control, including content creation, user management, and potential data exfiltration. The weakness is categorized as CWE\u2011269: Improper Restriction of Excessive Privileges.", "risk_and_exploitability": "The CVSS score of 9.8 classifies this as a critical flaw, and although the EPSS score is currently below 1\u202f%, the vulnerability remains exploitable because the attack requires only a web request to the public registration endpoint and no authentication credentials. The lack of CISA KEV listing does not diminish the potential impact; any site using a vulnerable plugin version can be compromised at any time."}}}}, "created": "2026-04-20T23:45:21.602133+00:00", "updated": "2026-04-20T23:45:21.602143+00:00", "vendors": []}