CVE-2025-6934

Name of the Vulnerable Software and Affected Versions: Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.5

Description: The issue is due to a lack of role restriction during registration in the on regiser user function, making it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.

Recommendations: For Opal Estate Pro – Property Management and Submission plugin for WordPress versions up to, and including, 1.7.5, consider disabling the on regiser user function until a patch is available to prevent privilege escalation. Restrict access to the registration process to minimize the risk of exploitation. Avoid using the registration feature in the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.