- Description: The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating a user's password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user's password, including an administrator's, if the user's email is known.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-620
- Hype score: Not currently trending
🚨 CVE-2025-2253 ⚠️🔴 CRITICAL (9.8) 🏢 imithemes - IMITHEMES Listing 🏗️ * 🔗 https://t.co/NlhXUyav3D 🔗 https://t.co/jZglJm4Ufm #CyberCron #VulnAlert #InfoSec https://t.co/S6GgXwk53L
@cybercronai
9 May 2025
CVE-2025-2253 The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properl… https://t.co/jbihrTOYvJ
@CVEnew
9 May 2025