Medium severity5.3NVD Advisory· Published Mar 14, 2025· Updated Apr 15, 2026

CVE-2025-1285

Description

The Resido - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_api_key and save_api_key AJAX actions in all versions up to, and including, 3.6. This makes it possible for unauthenticated attackers to issue requests to internal services and update API key details.

Affected products

WordPress/Resido Real Estate Wordpress Themeinferred
Range: <=3.6
Package: https://wordpress.org/themes/resido-real-estate-wordpress-theme

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

themeforest.net/item/resido-real-estate-wordpress-theme/31804443nvd
www.wordfence.com/threat-intel/vulnerabilities/id/3512ce8f-b7a6-4a6f-a141-bca08c183882nvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000