CVE-2025-67968
Published Jan 22, 2026
Last updated 15 hours ago
AI description
CVE-2025-67968 is an "Unrestricted Upload of File with Dangerous Type" vulnerability (CWE-434) found in the InspiryThemes Real Homes CRM WordPress plugin. This flaw stems from insufficient file type validation within the plugin's file upload functionality. The vulnerability allows any logged-in user, including those with subscriber-level access, to upload malicious files, such as PHP web shells. This can lead to the execution of unauthorized code on the server, potentially resulting in a complete compromise of the affected WordPress installation. The issue impacts Real Homes CRM versions up to and including 1.0.0, affecting a significant number of active websites utilizing the Real Homes WordPress theme.
- Description
- Unrestricted Upload of File with Dangerous Type vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files.This issue affects Real Homes CRM: from n/a through <= 1.0.0.
- Source
- audit@patchstack.com
- NVD status
- Awaiting Analysis
- audit@patchstack.com
- CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
7
🚨 ثغرة خطيرة في RealHomes CRM تسمح بالاستيلاء الكامل على المواقع تم اكتشاف ثغرة أمنية حرجة (CVE-2025-67968) في إضافة RealHomes CRM، وهي جزء أساسي من قالب Real Homes لـ WordPress. هذه
@MisbarSec
26 Jan 2026
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-67968 (CVSS 9.9): Unrestricted Upload of File with Dangerous Type Vulnerability in InspiryThemes Real Homes CRM realhomes-crm allows Using Malicious Files. 📊 23.5K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/OB
@HunterMapping
26 Jan 2026
2392 Impressions
9 Retweets
39 Likes
10 Bookmarks
0 Replies
0 Quotes
3万サイト以上が使用するWordPressのプラグインRealHomes CRMで重大(Critical)な脆弱性が修正。CVE-2025-67968はCVSSスコア9.9で、任意のログイン後ユーザがCSVファイルアップロード機能のチェックをすり抜け任意のファイ
@__kokumoto
26 Jan 2026
900 Impressions
2 Retweets
7 Likes
2 Bookmarks
1 Reply
0 Quotes
CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover https://t.co/rcIcWgxj3L
@CrowdCyber_Com
26 Jan 2026
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical RealHomes CRM flaw CVE-2025-67968 (CVSS 9.9) allows any logged-in user to upload malicious files. Update to v1.0.1 immediately to prevent takeover. #WordPress #RealHomes #CyberSecurity #CVE202567968 #InfoSec #WebSecurity #RCE #RealEstateTech https://t.co/zOYcBEgbx3
@the_yellow_fall
26 Jan 2026
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-67968 (CVSS 9.9): Critical Flaw in Real Estate Theme Exposes 30,000 Sites to Takeover https://t.co/IYErhuecjA
@Karma_X_Inc
26 Jan 2026
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes