{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6934", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-30T17:52:44.462Z", "datePublished": "2025-07-01T06:43:03.156Z", "dateUpdated": "2026-04-08T16:55:51.677Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:51.677Z"}, "affected": [{"vendor": "wpopal", "product": "Opal Estate Pro \u2013 Property Management and Submission", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.7.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering."}], "title": "Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve"}, {"url": "https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481"}, {"url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L228"}, {"url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L235"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management", "cweId": "CWE-269", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "timeline": [{"time": "2025-06-30T18:39:19.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-01T13:44:23.789242Z", "id": "CVE-2025-6934", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:24:45.496Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6934", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-01T13:44:23.789242Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-01T13:47:17.937Z"}}], "cna": {"title": "Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'", "credits": [{"lang": "en", "type": "finder", "value": "Alyudin Nafiie"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "wpopal", "product": "Opal Estate Pro \u2013 Property Management and Submission", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.7.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-30T18:39:19.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve"}, {"url": "https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481"}, {"url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L228"}, {"url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L235"}], "descriptions": [{"lang": "en", "value": "The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:51.677Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6934", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:55:51.677Z", "dateReserved": "2025-06-30T17:52:44.462Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-01T06:43:03.156Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Opal Estate Pro \u2013 Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering."}, {"lang": "es", "value": "El complemento Opal Estate Pro \u2013 Property Management and Submission para WordPress, utilizado por FullHouse - Real Estate Responsive WordPress Theme, es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.7.5 incluida. Esto se debe a la falta de restricci\u00f3n de roles durante el registro en la funci\u00f3n 'on_regiser_user'. Esto permite que atacantes no autenticados elijan arbitrariamente el rol asignado al registrarse, incluido el de Administrador."}], "id": "CVE-2025-6934", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-01T07:15:27.340", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L228"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L235"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T11:10:57.946459+00:00", "value": {"mitigation_remediation": ["Upgrade the Opal Estate Pro plugin to the latest available version that enforces role checks during user registration.", "If an upgrade is not immediately possible, modify the plugin or its configuration so that the role assignment during registration defaults to a low\u2011privilege role, such as Subscriber, and removes the ability to select higher roles.", "Use a web application firewall or security plugin to detect and block requests that attempt to set the role parameter to \"Administrator\" during user registration."], "summary": {"action": "Apply Patch", "impact": "Privilege Escalation to Administrator Role"}, "threat_synthesis": {"affected_systems": "WordPress installations that use the Opal Estate Pro plugin by wpopal, versions up to and including 1.7.5, are impacted. Sites that employ the FullHouse Real Estate Responsive WordPress Theme and include this plugin are also vulnerable if they run a susceptible version.", "description_and_impact": "The Opal Estate Pro plugin\u2019s on_regiser_user function does not enforce role validation during user registration, allowing an unauthenticated attacker to specify any role, including Administrator. This flaw enables the creation of an account with full administrative rights, compromising the confidentiality, integrity, and availability of the affected WordPress site. The vulnerability is classified as CWE\u2011269.", "risk_and_exploitability": "The CVSS score of 9.8 marks this as critical, and the EPSS score of 28% indicates a moderate to high likelihood of exploitation in the near term. Although the vulnerability is not listed in the CISA KEV catalog, it remains exploitable by anyone who can reach the registration endpoint. The likely attack vector is an unauthenticated HTTP request to the plugin\u2019s registration handler with a manipulated role parameter to assign Administrator privileges."}}}}, "created": "2025-07-13T22:31:33.540955+00:00", "updated": "2026-04-28T11:15:26.096773+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpopal", "wpopal$PRODUCT$opal_estate"]}