Critical severity9.8NVD Advisory· Published Mar 5, 2025· Updated Apr 15, 2026
CVE-2025-1515
CVE-2025-1515
Description
The WP Real Estate Manager plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.8. This is due to insufficient identity verification on the LinkedIn login request process. This makes it possible for unauthenticated attackers to bypass official authentication and log in as any user on the site, including administrators.
Affected products
2<=2.8+ 1 more
- (no CPE)range: <=2.8
- (no CPE)range: <=2.8
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.