cleantalk
Vulnerabilities and Security Researches

Opal Estate Pro – Property Management and Submission, CVE-2025-6934

CVE, Research URL

CVE-2025-6934

Home page URL

Security reports for Opal Estate Pro – Property Management and Submission

Application

Opal Estate Pro – Property Management and Submission

Published on
Jul 01, 2025
Research Description
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Affected versions
Min -, max 1.7.5.
Status
vulnerable
Previous vulnerability researches
Advanced Flamingo (CVE-2023-52226) , Jun 07, 2024
Flamingo , Apr 16, 2025
Flamingo (022a9997dfc335fe7d818f90b085eb691dd3ba3c) , Jun 07, 2024
New vulnerability
MDJM Event Management (CVE-2025-52824) , Jul 03, 2025
OnionBuzz (CVE-2025-53312) , Jul 03, 2025
Hide Admin Bar From Front End (CVE-2025-53267) , Jul 03, 2025
WP Visual Sitemap (CVE-2025-53290) , Jul 03, 2025
ElementsKit Elementor addons (CVE-2025-4479) , Jul 03, 2025