CVE-2025-5117
Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form.
Reserved 2025-05-23 | Published 2025-05-27 | Updated 2025-05-27 | Assigner Wordfence| 2025-05-26: | Disclosed |
Kenneth Dunn
www.wordfence.com/...-7bc9-4f9b-b9b5-6bfb86309030?source=cve
plugins.trac.wordpress.org/.../payment-inc/paypal-submit.php
wordpress.org/plugins/property/
plugins.trac.wordpress.org/...operty/tags/1.0.6/property.php
plugins.trac.wordpress.org/changeset/3299714/
Support options
