CVE-2025-6190: CWE-862 Missing Authorization in nootheme Realty Portal – Agent
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $_POST and passes them directly to update_user_meta() without restricting to a safe whitelist. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the wp_capabilities meta and grant themselves the administrator role.
AI Analysis
Technical Summary
CVE-2025-6190 is a privilege escalation vulnerability in the Realty Portal – Agent WordPress plugin caused by missing authorization in the rp_user_profile() AJAX handler. The handler reads meta key-value pairs from user input and updates user metadata without restricting which keys can be modified. This allows authenticated users with low privileges to escalate their permissions by modifying the wp_capabilities meta key, thereby gaining administrator rights. The vulnerability affects versions 0.1.0 through 0.3.9 of the plugin. It has a CVSS 3.1 base score of 8.8, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
An attacker with Subscriber-level access or higher can exploit this vulnerability to escalate their privileges to administrator by modifying the wp_capabilities user meta. This grants full control over the WordPress site, including the ability to install plugins, modify content, and manage users. The impact includes complete compromise of the affected WordPress installation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the plugin's AJAX handlers to trusted users only and consider disabling or removing the Realty Portal – Agent plugin if not essential. Monitor for updates from the vendor and apply patches promptly once released.
CVE-2025-6190: CWE-862 Missing Authorization in nootheme Realty Portal – Agent
Description
The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX handler in versions 0.1.0 through 0.3.9. The handler reads the client-supplied meta key and value pairs from $_POST and passes them directly to update_user_meta() without restricting to a safe whitelist. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the wp_capabilities meta and grant themselves the administrator role.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-6190 is a privilege escalation vulnerability in the Realty Portal – Agent WordPress plugin caused by missing authorization in the rp_user_profile() AJAX handler. The handler reads meta key-value pairs from user input and updates user metadata without restricting which keys can be modified. This allows authenticated users with low privileges to escalate their permissions by modifying the wp_capabilities meta key, thereby gaining administrator rights. The vulnerability affects versions 0.1.0 through 0.3.9 of the plugin. It has a CVSS 3.1 base score of 8.8, indicating high severity with network attack vector, low attack complexity, and no user interaction required.
Potential Impact
An attacker with Subscriber-level access or higher can exploit this vulnerability to escalate their privileges to administrator by modifying the wp_capabilities user meta. This grants full control over the WordPress site, including the ability to install plugins, modify content, and manage users. The impact includes complete compromise of the affected WordPress installation.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the plugin's AJAX handlers to trusted users only and consider disabling or removing the Realty Portal – Agent plugin if not essential. Monitor for updates from the vendor and apply patches promptly once released.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-16T21:52:52.243Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 68804d50ad5a09ad00065fdc
Added to database: 7/23/2025, 2:47:44 AM
Last enriched: 4/9/2026, 10:36:17 AM
Last updated: 5/9/2026, 5:32:01 AM
Views: 134
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.