Privilege Escalation in IMITHEMES Listing Plugin for WordPress
CVE-2025-2253

9.8CRITICAL

Key Information:

Vendor: Imithemes
Status: Imithemes Listing
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-2253?

The IMITHEMES Listing plugin is susceptible to a privilege escalation vulnerability that allows unauthenticated attackers to gain unauthorized access by taking over user accounts. This issue arises from improper validation of a verification code in the imic_reset_password_init() function, permitting attackers to change any user's password, including that of administrators, if they know the user's email address. Therefore, it is crucial for users and administrators to stay informed about this vulnerability and take necessary precautions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

IMITHEMES Listing * <= 3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/auto-stars-car-dealership-li...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Alyudin Nafiie

JSON

Imithemes

What is CVE-2025-2253?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.