PT-2026-4046 · WordPress · Real Homes Crm

Published 2026-01-22 · Updated 2026-05-02 · CVE-2025-67968

CVSS v3.1: 9.9 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Real Homes CRM versions prior to 1.0.1

Description

The Real Homes CRM plugin bundled with the RealHomes WordPress theme contains weak authorization logic that attackers can exploit. This could lead to manipulation of user accounts and escalation of privileges, potentially resulting in full site takeover. Approximately 30,000 websites are estimated to be affected. The issue involves the unrestricted upload of files with dangerous types, allowing malicious files to be used. The vulnerability is related to the realhomes-crm component.

Recommendations

Update Real Homes CRM to version 1.0.1 or later. Audit for suspicious admin creation, role changes, and unexpected CRM-related requests.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-67968

Affected Products

Real Homes Crm