CVE-2025-6934
Published 2025-07-01
Priority: P1 · 81 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 22.33% (97.4th percentile)
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wpopal | opal_estate_pro_property_management_and_submission | <= 1.7.5 | — |
Detection & IOCs (extracted from sources)
- Look for POST requests to /wp-admin/admin-ajax.php with action=opalestate_register_form and role=administrator in the body, indicating unauthenticated privilege escalation attempts.
- Presence of the string 'opalestate-register-nonce' in a page body confirms the vulnerable registration form is exposed and the plugin is active.
- The vulnerable function is 'on_register_user' (also referenced as 'on_regiser_user') in the Opal Estate Pro plugin; monitor WordPress user registration events where the assigned role is 'administrator' originating from unauthenticated sessions.
- The exploit requires a valid WordPress nonce ('opalestate-register-nonce') extracted from the registration page before the malicious POST can be submitted; detection rules should account for this two-step flow.
- All versions up to and including 1.7.5 of the Opal Estate Pro plugin are affected; no patched version is referenced in the sources.
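The request-level indicators above can be turned into a log check. The following is an added example, not a rule from the indexed sources or the plugin's code. It generalizes from role=administrator to a set of elevated roles, and it assumes request records come from a WAF or audit log that captures POST bodies; the record fields, sample values, role set and 30-minute window are all constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "opalestate_register_form"
# Assumption: roles a public registration form should never hand out.
PRIVILEGED_ROLES = {"administrator", "editor", "author"}
NONCE_WINDOW = timedelta(minutes=30)  # assumed correlation window

def find_escalation_attempts(records):
    """records: dicts with ts (ISO 8601), src, method, url, body (urlencoded)."""
    last_get = {}   # src -> time of most recent GET (candidate nonce fetch)
    findings = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        ts = datetime.fromisoformat(rec["ts"])
        method, url = rec["method"].upper(), urlsplit(rec["url"])
        if method == "GET":
            last_get[rec["src"]] = ts
            continue
        if method != "POST" or url.path.rstrip("/") != AJAX_PATH:
            continue
        form = parse_qs(rec.get("body", ""), keep_blank_values=True)
        # admin-ajax.php accepts the action in the query string as well
        actions = form.get("action", []) + parse_qs(url.query).get("action", [])
        if ACTION not in actions:
            continue
        # parse_qs has already URL-decoded the values; normalise case too
        hit = {r.strip().lower() for r in form.get("role", [])} & PRIVILEGED_ROLES
        if not hit:
            continue
        prev = last_get.get(rec["src"])
        findings.append({
            "ts": rec["ts"], "src": rec["src"], "roles": sorted(hit),
            # True when the same source fetched a page shortly before (step one)
            "nonce_fetch_seen": prev is not None and ts - prev <= NONCE_WINDOW,
        })
    return findings

# Constructed sample records (documentation IP ranges, hypothetical /register/ page).
SAMPLE = [
    {"ts": "2025-07-02T10:00:00", "src": "203.0.113.7", "method": "GET", "url": "/register/", "body": ""},
    {"ts": "2025-07-02T10:00:04", "src": "203.0.113.7", "method": "POST", "url": AJAX_PATH,
     "body": "action=opalestate_register_form&username=x&role=Administrator"},
    {"ts": "2025-07-02T10:05:00", "src": "198.51.100.9", "method": "POST", "url": AJAX_PATH,
     "body": "action=opalestate_register_form&username=y&role=subscriber"},
    {"ts": "2025-07-02T10:06:00", "src": "192.0.2.44", "method": "POST",
     "url": AJAX_PATH + "?action=opalestate_register_form", "body": "role=administrator"},
    {"ts": "2025-07-02T10:07:00", "src": "192.0.2.44", "method": "POST", "url": AJAX_PATH,
     "body": "action=heartbeat&role=administrator"},
]

if __name__ == "__main__":
    for finding in find_escalation_attempts(SAMPLE):
        print(finding)
```

A finding without a preceding GET from the same source is still worth triage, since the nonce may have been fetched from a different address.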
No detection rules found.
Nuclei
The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation
nuclei·CVSS 9.8
CVE-2025-6934 [CRITICAL] The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation
The Opal Estate Pro plugin (≤ 1.7.5) is vulnerable to privilege escalation. Due to missing role restrictions in the on_register_user function, users can register with any role. This allows unauthenticated attackers to create administrator accounts.
Template:
```yaml
id: CVE-2025-6934

info:
  name: The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation
  author: pussycat0x
  severity: critical
  description: |
    The Opal Estate Pro plugin (≤ 1.7.5) is vulnerable to privilege escalation. Due to missing role restrictions in the on_register_user function, users can register with any role. This allows unauthenticated attackers to create administrator accounts.
  impact: |
    An attacker can
```
No writeups or analysis indexed.
- https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L228
- https://plugins.trac.wordpress.org/browser/opal-estate-pro/trunk/inc/user/class-opalestate-user.php#L235
- https://themeforest.net/item/fullhouse-real-estate-responsive-wordpress-theme/16179481
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve