CVE-2025-1515 – WP Real Estate Manager <= 2.8 - Authentication Bypass via Account Takeover

https://notcve.org/view.php?id=CVE-2025-1515

04 Mar 2025 — The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators. El complemento WP Real Estate Manager para WordPress es vulnerable a la omisión de autenticación en todas las versiones hasta la 2.8 incluida. E... • https://themeforest.net/item/home-villa-real-estate-wordpress-theme/19446059 • CWE-288: Authentication Bypass Using an Alternate Path or Channel •