Unauthorized Access Vulnerability in Resido Real Estate WordPress Theme
CVE-2025-1285

5.3MEDIUM

Key Information:

Vendor: Smartdatasoft
Status: Resido - Real Estate WordPress Theme
Vendor: CVE Published:; 14 March 2025

Summary

The Resido - Real Estate WordPress Theme for WordPress exhibits a vulnerability that allows unauthorized access due to the absence of critical capability checks for the delete_api_key and save_api_key AJAX actions. This issue affects all versions up to and including 3.6, enabling unauthenticated attackers to send requests to internal services, potentially allowing them to alter sensitive API key information.

Affected Version(s)

Resido - Real Estate WordPress Theme * <= 3.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/resido-real-estate-wordpress...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Feb 13, 2025

Credit

Lucio Sá