Arbitrary File Upload Exposure in Real Estate 7 WordPress Theme
CVE-2025-2891
8.8HIGH
What is CVE-2025-2891?
The Real Estate 7 WordPress theme contains a vulnerability that allows authenticated attackers with Seller-level access to upload files without proper validation mechanisms. Specifically, the 'template-submit-listing.php' file fails to check file types adequately, enabling the possibility of uploading malicious files. If the front-end listing submission feature is enabled, this flaw can allow remote code execution on the server, potentially compromising the entire website.
Affected Version(s)
Real Estate 7 WordPress * <= 3.5.4