Privilege Escalation in IMITHEMES Listing Plugin for WordPress
CVE-2025-2253

9.8CRITICAL

Key Information:

Vendor: Imithemes
Status: Imithemes Listing
Vendor: CVE Published:; 9 May 2025

What is CVE-2025-2253?

The IMITHEMES Listing plugin is susceptible to a privilege escalation vulnerability that allows unauthenticated attackers to gain unauthorized access by taking over user accounts. This issue arises from improper validation of a verification code in the imic_reset_password_init() function, permitting attackers to change any user's password, including that of administrators, if they know the user's email address. Therefore, it is crucial for users and administrators to stay informed about this vulnerability and take necessary precautions.

Affected Version(s)

IMITHEMES Listing * <= 3.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/auto-stars-car-dealership-li...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Mar 12, 2025

Credit

Alyudin Nafiie

JSON

Imithemes

What is CVE-2025-2253?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit