CVE-2025-6934

CRITICAL NUCLEI

Opal Estate Pro - Property Management and Submission <=1.7.5 - Privilege Escalation

Title source: llm

Description

The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.

Exploits (14)

nomisec WORKING POC 6 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-6934
nomisec WORKING POC 4 stars
by yukinime · poc
https://github.com/yukinime/CVE-2025-6934
nomisec WORKING POC 2 stars
by 0xgh057r3c0n · poc
https://github.com/0xgh057r3c0n/CVE-2025-6934
nomisec WORKING POC 1 stars
by 1atakan1 · poc
https://github.com/1atakan1/CVE-2025-6934
nomisec WORKING POC 1 stars
by AnotherSec · poc
https://github.com/AnotherSec/CVE-2025-6934
nomisec WORKING POC 1 stars
by MrjHaxcore · poc
https://github.com/MrjHaxcore/CVE-2025-6934
nomisec WORKING POC
by MejbanKadir · poc
https://github.com/MejbanKadir/CVE-2025-6934-PoC
nomisec WORKING POC
by 0xTerror · poc
https://github.com/0xTerror/CVE-2025-6934
nomisec WORKING POC
by qalesyaSN · poc
https://github.com/qalesyaSN/CVE-2025-6934
github STUB
by luxzy28 · poc
https://github.com/luxzy28/CVE-2025-6934
github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-6934
github WORKING POC
by Jenderal92 · pythonpoc
https://github.com/Jenderal92/WP-CVE-2025-6934
nomisec TROJAN
by Rosemary1337 · poc
https://github.com/Rosemary1337/CVE-2025-6934

Nuclei Templates (1)

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation
CRITICALVERIFIEDby pussycat0x

Scores

CVSS v3 9.8
EPSS 0.2361
EPSS Percentile 96.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (1)
wpopal/Opal Estate Pro – Property Management and Submission < 1.7.5
Published Jul 01, 2025
Tracked Since Feb 18, 2026