Privilege Escalation in IMITHEMES Listing Plugin for WordPress
CVE-2025-2253

9.8CRITICAL

Key Information:

Vendor
Imithemes
Status
Imithemes Listing
Vendor
CVE Published:
9 May 2025

Summary

The IMITHEMES Listing plugin is susceptible to a privilege escalation vulnerability that allows unauthenticated attackers to gain unauthorized access by taking over user accounts. This issue arises from improper validation of a verification code in the imic_reset_password_init() function, permitting attackers to change any user's password, including that of administrators, if they know the user's email address. Therefore, it is crucial for users and administrators to stay informed about this vulnerability and take necessary precautions.

Affected Version(s)

IMITHEMES Listing * <= 3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://themeforest.net/item/auto-stars-car-dealership-li...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Alyudin Nafiie
.
CVE-2025-2253 : Privilege Escalation in IMITHEMES Listing Plugin for WordPress | SecurityVulnerability.io