CRITICAL🇵🇱 Wersja polska

CVE-2025-2253

CVSS 9.8v3.1pub. 2025-05-09upd. 2026-04-15

The IMITHEMES Listing plugin is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3. This is due to the plugin not properly validating a verification code value prior to updating their password through the imic_reset_password_init() function. This makes it possible for unauthenticated attackers to change any user's passwords, including administrators if the users email is known.

🤖 AI Analysis
How it works

The imic_reset_password_init() function responsible for password reset does not properly validate the verification code value before performing the password change. An attacker who knows the email address of any user (including an administrator) can call this function without any authentication with any code value and set a new password for the selected account. After changing the password, the attacker can log in to the compromised account and obtain its permissions.

Impact

An attacker can take full control of a WordPress administrator account, which in practice means unlimited access to the website, ability to install malicious software, data theft, and further privilege escalation at the server level.

Mitigation & patch

Security patches available from the vendor should be applied according to references. Until updating, consider deactivating the plugin or restricting access to password reset endpoints at the application firewall (WAF) level.

Who is affected

IMITHEMES Listing plugin for WordPress in all versions up to and including 3.3.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth BypassLPE
CWE
References