Rosemary1337

2 exploits Active since Mar 2025
CVE-2025-6934 NOMISEC CRITICAL TROJAN
Opal Estate Pro - Property Management and Submission <=1.7.5 - Privilege Escalation
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
CVSS 9.8
CVE-2025-24799 NOMISEC HIGH TROJAN
GLPI 10.0.0-10.0.17 - Unauthenticated SQL Injection via Inventory Endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.
CVSS 7.5