Authentication Bypass in WP Real Estate Manager Plugin by WordPress
CVE-2025-1515

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Real Estate Manager
Vendor: CVE Published:; 5 March 2025

Summary

The WP Real Estate Manager plugin for WordPress is susceptible to an authentication bypass vulnerability present in all versions up to and including 2.8. This issue arises from inadequate identity verification within the LinkedIn login process, enabling unauthenticated users to circumvent authentication mechanisms. As a result, attackers could gain unauthorized access to any user account on the site, including those of administrators, posing a significant risk to the security and integrity of the affected websites.

Affected Version(s)

WP Real Estate Manager * <= 2.8

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/home-villa-real-estate-wordp...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2025
Vulnerability Reserved
Feb 20, 2025

Credit

Friderika Baranyai