cbcvebase.
CVE-2025-6934
published 2025-07-01

CVE-2025-6934: The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to…

PriorityP181critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
22.33%
97.4th percentile
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.

Affected

1 ranges
VendorProductVersion rangeFixed in
wpopalopal_estate_pro_property_management_and_submission<= 1.7.5

Detection & IOCsextracted from sources · hover to see the quote

url/wp-admin/admin-ajax.php
path/wp-content/plugins/opal-estate-pro/
commandaction=opalestate_register_form&role=administrator&ajax=1
cookieopalestate-register-nonce
  • Look for POST requests to /wp-admin/admin-ajax.php with action=opalestate_register_form and role=administrator in the body, indicating unauthenticated privilege escalation attempts.
  • Presence of the string 'opalestate-register-nonce' in a page body confirms the vulnerable registration form is exposed and the plugin is active.
  • The vulnerable function is 'on_register_user' (also referenced as 'on_regiser_user') in the Opal Estate Pro plugin; monitor WordPress user registration events where the assigned role is 'administrator' originating from unauthenticated sessions.
  • ·The exploit requires a valid WordPress nonce ('opalestate-register-nonce') extracted from the registration page before the malicious POST can be submitted; detection rules should account for this two-step flow.
  • ·All versions up to and including 1.7.5 of the Opal Estate Pro plugin are affected; no patched version is referenced in the sources.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.