cleantalk
Vulnerabilities and Security Researches

Opal Estate Pro – Property Management and Submission, CVE-2025-6934

CVE, Research URL

CVE-2025-6934

Home page URL

Security reports for Opal Estate Pro – Property Management and Submission

Application

Opal Estate Pro – Property Management and Submission

Published on
Jul 01, 2025
Research Description
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Affected versions
Min -, max 1.7.5.
Status
vulnerable
Previous vulnerability researches
Opal Estate Pro – Property Management and Submission (CVE-2025-6934) , Jul 03, 2025
Opal Estate Pro – Property Management and Submission (CVE-2024-3666) , Jun 07, 2024
New vulnerability
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
Additional Order Filters for WooCommerce (CVE-2025-53271) , Jul 04, 2025
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025