33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme

On May 4th, 2025, we received a submission for a Privilege Escalation vulnerability in RealHomes, a WordPress theme with more than 33,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to grant themselves administrative privileges by updating their user role. Please note that this vulnerability only critically affects users who have enabled the “Show user role option in profile” option in the settings, which is disabled by default.
The post 33,000 WordPress Sites Affected by Privilege Escalation Vulnerability in RealHomes WordPress Theme appeared first on Wordfence.WordfenceRead More