- Description
- The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
🚨 CVE-2025-5117 🔴 HIGH (8.8) 🏢 themeglow - Property – Real Estate Directory Listing 🏗️ 1.0.5 🔗 https://t.co/SCjdPlpToE 🔗 https://t.co/TwJDLcFA9x 🔗 https://t.co/xJzp8CA5xK 🔗 https://t.co/jbwYFQKcRS 🔗 https://t.co/uFkQmYX7N5 #CyberCron #VulnAlert #Inf
@cybercronai
27 May 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-5117: HIGH] WordPress Property plugin v1.0.5-1.0.6 lacks capability checks for property_package_user_role, allowing authenticated attackers (Author+ levels) to escalate privileges to admin via packag...#cve,CVE-2025-5117,#cybersecurity https://t.co/A5pZVbBuFt https://t.
@CveFindCom
27 May 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-5117 The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versi… https://t.co/WYNIW4bRiU
@CVEnew
27 May 2025
449 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes