CVE-2025-4601 · HIGH 8.8 · EPSS p89.6%

Description

The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.17% probability of exploitation · percentile 89.6% · 2026-06-19T12:03:05Z
Published: 2025-06-10
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-269

References

  1. https://themeforest.net/item/real-homes-wordpress-real-estate-theme/5373914
  2. https://www.wordfence.com/threat-intel/vulnerabilities/id/a816e5a8-2494-4bcf-869d-5214b21f7791?source=cve

Type | Target | Confidence | Tier
Weakness | Improper Privilege Management (cwe-269) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-49867
CVE-2025-8218
CVE-2025-2237
CVE-2025-6190
CVE-2025-11985
CVE-2025-5117

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.