What the vulnerability does
01 Description
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
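The kind of capability check the description says is missing, written as a defensive must-use plugin. This is an added example, not the Property plugin's code or a vendor fix; it assumes the role is stored as post meta under the key property_package_user_role, and the pkgrole_* function names are hypothetical.

```php
<?php
/**
 * Added hardening example (mu-plugin), not the Property plugin's own code.
 * Assumption: the package role is stored as post meta under the key
 * 'property_package_user_role', as the description states.
 */

// Hypothetical helper: true when a role name carries user- or site-management caps.
function pkgrole_is_privileged( $role_name ) {
    if ( ! is_string( $role_name ) ) {
        return true; // Unexpected type: refuse rather than guess.
    }
    $role = get_role( sanitize_key( $role_name ) );
    if ( null === $role ) {
        return true; // Unknown role name: refuse as well.
    }
    foreach ( array( 'manage_options', 'promote_users', 'edit_users', 'activate_plugins' ) as $cap ) {
        if ( $role->has_cap( $cap ) ) {
            return true;
        }
    }
    return false;
}

// Hypothetical guard, hooked on both the add and update paths of post meta.
function pkgrole_guard_meta( $check, $post_id, $meta_key, $meta_value ) {
    if ( 'property_package_user_role' !== $meta_key ) {
        return $check; // Not the package role key: leave core behaviour untouched.
    }
    // Only accounts that may already promote users can store a privileged role.
    if ( pkgrole_is_privileged( $meta_value ) && ! current_user_can( 'promote_users' ) ) {
        error_log( sprintf(
            'Blocked privileged package role on post %d by user %d',
            $post_id,
            get_current_user_id()
        ) );
        return false; // A non-null return short-circuits the meta write.
    }
    return $check;
}
add_filter( 'add_post_metadata', 'pkgrole_guard_meta', 10, 4 );
add_filter( 'update_post_metadata', 'pkgrole_guard_meta', 10, 4 );
```

The guard only stops new writes; package posts that already hold a privileged value under this meta key still need to be reviewed separately.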
Explanation of Vulnerability in Simple Terms
02 Summary
The Property – Real Estate Directory Listing plugin for versions 1.0.5 through 1.0.6 fails to properly check user permissions before allowing access to sensitive functions. A logged-in user with low privileges can read, modify, or delete data they should not have access to, including property listings and potentially other site information.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete property listings and other data without proper authorization.
Potential impact on your site
04 Site Impact
Unauthorized users can tamper with or destroy property listings and sensitive directory data.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the site (e.g., subscriber or contributor role).
Key dates
06 Disclosure timeline
May 27, 2025: CVE published
May 27, 2025: Record updated