Privilege Escalation in Contempo Themes Real Estate 7
CVE-2025-39459

7.3HIGH

Key Information:

Vendor: WordPress
Status: Real Estate 7
Vendor: CVE Published:; 19 May 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-39459?

An incorrect privilege assignment vulnerability exists in Contempo Themes Real Estate 7 that allows an attacker to escalate their privileges, potentially granting unauthorized access and control over sensitive functionalities. This is particularly concerning for users running versions from n/a through 3.5.2 of the Real Estate 7 product.

Affected Version(s)

Real Estate 7 0 <= 3.5.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-39459-Nuclei-Template
Created by RootHarpy

References

https://patchstack.com/database/Wordpress/Theme/realestat...

vdb-entry

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Mar 3, 2026
👾
Exploit known to exist
Mar 3, 2026
Vulnerability published
May 19, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Ananda Dhakal (Patchstack)

CVE-2025-39459 Data

JSON

WordPress