Vulnerability Description
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059
- https://www.wordfence.com/threat-intel/vulnerabilities/id/84f08111-d116-46f9-976
FAQ
What is CVE-2025-1515?
CVE-2025-1515 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn logi...
How severe is CVE-2025-1515?
CVE-2025-1515 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-1515?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.