CVE-2025-5014
Home Villas | Real Estate WordPress Theme <= 2.8 - Authenticated (Subscriber+) Arbitrary File Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Home Villas | Real Estate WordPress Theme theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wp_rem_cs_widget_file_delete' function in all versions up to, and including, 2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
El tema Home Villas | Real Estate WordPress Theme para WordPress es vulnerable a la eliminación arbitraria de archivos debido a una validación insuficiente de la ruta de archivo en la función 'wp_rem_cs_widget_file_delete' en todas las versiones hasta la 2.8 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, eliminen archivos arbitrarios en el servidor, lo que puede provocar fácilmente la ejecución remota de código al eliminar el archivo correcto (como wp-config.php).
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-05-20 CVE Reserved
- 2025-07-01 CVE Published
- 2025-07-02 CVE Updated
- 2025-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Chimp Group Search vendor "Chimp Group" | Home Villas | Real Estate WordPress Theme Search vendor "Chimp Group" for product "Home Villas | Real Estate WordPress Theme" | <= 2.8 Search vendor "Chimp Group" for product "Home Villas | Real Estate WordPress Theme" and version " <= 2.8" | en |
Affected
|