A high-severity vulnerability has been identified in the "Realty Portal – Agent" plugin for WordPress. This flaw allows any authenticated user, including those with minimal permissions, to elevate their privileges to an administrator level. Successful exploitation could result in a complete compromise of the affected website, leading to data theft, defacement, or further malicious activity.

The vulnerability is a Privilege Escalation flaw resulting from a missing authorization check in the rp_user_profile() function, which is exposed via an AJAX action. An attacker with a low-privilege authenticated account (e.g., a subscriber) can send a crafted request to the admin-ajax.php endpoint, targeting the rp_user_profile action. Because the function does not verify if the user making the request has the appropriate permissions to modify user data, the attacker can alter their own account details to grant themselves administrative privileges, effectively taking full control of the WordPress site.

This vulnerability is rated as High severity with a CVSS score of 8.8. The primary business impact is the high risk of a complete website compromise. An attacker gaining administrative access can steal sensitive company or customer data, deface the website causing significant reputational damage, install backdoors for persistent access, inject malware to attack site visitors, or use the server as a pivot point for further attacks on the internal network. This could lead to regulatory fines, loss of customer trust, and significant disruption to business operations.

Immediate Action:

• Immediately update the "Realty Portal – Agent" plugin to the latest available version, which contains the security patch for this vulnerability.
• If the plugin is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation.
• Review all user accounts, particularly those with administrative privileges, to identify and revert any unauthorized changes or suspicious accounts.

Proactive Monitoring:

• Monitor web server access logs for requests to /wp-admin/admin-ajax.php containing the parameter action=rp_user_profile. Investigate any such requests originating from non-administrative users.
• Implement a file integrity monitoring system to detect unauthorized changes to WordPress core files, themes, or plugins, which could indicate a backdoor has been installed.
• Enable and review WordPress security audit logs for unexpected changes in user roles, especially privilege escalations.

Compensating Controls:

• If immediate patching is not feasible, deploy a Web Application Firewall (WAF) with a custom rule to block or alert on requests to the rp_user_profile AJAX action.
• Restrict access to the WordPress administrative dashboard (/wp-admin/) to specific, trusted IP addresses.
• Temporarily disable user registration or enforce a policy of least privilege for all user accounts until the patch can be applied.

Public Exploit Available: false

Given the high severity (CVSS 8.8) and the simplicity of exploitation, we strongly recommend that organizations using the "Realty Portal – Agent" plugin treat this vulnerability as a critical risk. The remediation plan should be executed immediately. Although this CVE is not yet in the CISA KEV catalog, its characteristics make it a prime target for opportunistic attackers. We recommend applying the update within a 72-hour window and conducting a thorough audit of user accounts and site integrity to ensure no prior compromise has occurred.