{"id":47783,"date":"2025-06-02T09:52:16","date_gmt":"2025-06-02T09:52:16","guid":{"rendered":""},"modified":"2025-10-07T14:30:13","modified_gmt":"2025-10-07T20:30:13","slug":"cve-2025-5117-wordpress-property-plugin-privilege-escalation-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-5117-wordpress-property-plugin-privilege-escalation-vulnerability\/","title":{"rendered":"<strong>CVE-2025-5117: WordPress Property Plugin Privilege Escalation Vulnerability<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-5117 vulnerability exposes a fundamental flaw in the security mechanism of WordPress&#8217;s Property plugin. It specifically targets versions 1.0.5 to 1.0.6 of the plugin, enabling malicious actors with Author-level access to escalate their privileges to those of an administrator. This vulnerability has the potential to be exploited by attackers to gain unauthorized access to sensitive data or to compromise the system, making it a significant threat to the security of WordPress <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-25010-critical-vulnerability-in-ericsson-ran-compute-and-site-controller-6610\/\"  data-wpil-monitor-id=\"53667\">sites that use the vulnerable<\/a> versions of the Property plugin.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-5117<br \/>\nSeverity: High &#8211; 8.8 (CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low (Author-level access)<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-0562-use-after-free-flaw-in-linux-kernel-potentially-leading-to-system-compromise\/\"  data-wpil-monitor-id=\"53682\">Potential system<\/a> compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-805171811\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-31914-critical-sql-injection-vulnerability-in-pixel-wordpress-form-builder-plugin-autoresponder\/\"  data-wpil-monitor-id=\"54801\">WordPress Property Plugin<\/a> | 1.0.5 to 1.0.6<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-25737-critical-vulnerability-in-kapsch-trafficcom-rsus-due-to-lack-of-secure-password-requirements\/\"  data-wpil-monitor-id=\"89247\">vulnerability resides in the lack<\/a> of a capability check on the use of the property_package_user_role metadata. This oversight allows authenticated attackers with Author-level <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4433-improper-access-control-leads-to-privilege-escalation-in-devolutions-server\/\"  data-wpil-monitor-id=\"57335\">access to elevate their privileges<\/a> to that of an administrator by creating a package post and setting the property_package_user_role to administrator. After doing this, they simply have to submit the PayPal registration form to finalize the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-31918-critical-privilege-escalation-vulnerability-in-simple-business-directory-pro\/\"  data-wpil-monitor-id=\"53725\">privilege escalation<\/a>.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-932855003\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>Here&#8217;s a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/post-new.php?post_type=property_package HTTP\/1.1\nHost: vulnerable-wp-site.com\nContent-Type: application\/x-www-form-urlencoded\nCookie: wordpress_logged_in=[user_session_cookie]\npost_title=MaliciousPackage&amp;property_package_user_role=administrator&amp;_wpnonce=[valid_wpnonce]<\/code><\/pre>\n<p>This <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-6162-critical-buffer-overflow-vulnerability-in-totolink-ex1200t-http-post-request-handler\/\"  data-wpil-monitor-id=\"79996\">HTTP request creates a new package post<\/a> with the user role set to &#8220;administrator. The attacker would then submit the PayPal registration form to <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-39489-critical-privilege-escalation-vulnerability-in-pebas-couponxl\/\"  data-wpil-monitor-id=\"54061\">escalate their privileges<\/a> to an administrator level.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>To mitigate the effects of this vulnerability, users are advised to apply the vendor patch for the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3054-arbitrary-file-upload-vulnerability-in-wp-user-frontend-pro-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"59233\">WordPress Property<\/a> plugin as soon as possible. In the meantime, the use of a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can provide temporary protection against <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-7457-macos-authorization-model-exploit-leading-to-potential-mitm-attacks\/\"  data-wpil-monitor-id=\"79995\">potential exploits<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-5117 vulnerability exposes a fundamental flaw in the security mechanism of WordPress&#8217;s Property plugin. It specifically targets versions 1.0.5 to 1.0.6 of the plugin, enabling malicious actors with Author-level access to escalate their privileges to those of an administrator. This vulnerability has the potential to be exploited by attackers to gain unauthorized access [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[76],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-47783","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-privilege-escalation"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/47783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=47783"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/47783\/revisions"}],"predecessor-version":[{"id":82083,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/47783\/revisions\/82083"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=47783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=47783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=47783"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=47783"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=47783"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=47783"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=47783"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=47783"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=47783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}