
Cloud Vulnerability DB
A community-led vulnerabilities database
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, contains a privilege escalation vulnerability (CVE-2025-6934) in versions up to and including 1.7.5. The vulnerability was discovered and disclosed on July 1, 2025 (NVD CVE).
The vulnerability exists due to a lack of role restriction during registration in the 'onregiseruser' function. This security flaw allows unauthenticated attackers to arbitrarily choose their role during registration, including the Administrator role. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-269 (Improper Privilege Management) (NVD CVE).
The vulnerability allows unauthenticated attackers to gain administrator privileges by exploiting the registration process. This could lead to complete compromise of the WordPress installation, as administrator accounts have full control over the site's functionality, content, and user management (NVD CVE).
Site administrators running the Opal Estate Pro plugin versions 1.7.5 or earlier should update to a patched version as soon as it becomes available. Until a patch is released, administrators should consider disabling new user registrations or implementing additional security controls at the web application firewall level (NVD CVE).
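One way to implement an additional control at the application layer while registrations stay open, as an added example that is not code from Opal Estate Pro or its vendor: a must-use plugin that resets any self-registered account holding a role outside an allow-list. The `rrg_` names and the allow-list are hypothetical, and the guard assumes the plugin creates accounts through WordPress core user functions, so that the `user_register` action fires.

```php
<?php
/**
 * Plugin Name: Registration role guard (added example, not vendor code)
 * Install as wp-content/mu-plugins/registration-role-guard.php.
 */

// Constructed allow-list: roles a self-registered account may hold.
const RRG_ALLOWED_ROLES = array( 'subscriber' );

// IDs of accounts created during this request by an untrusted caller.
$GLOBALS['rrg_new_users'] = array();

function rrg_trusted_caller() {
	// wp-admin user management and WP-CLI may assign any role.
	return ( defined( 'WP_CLI' ) && WP_CLI )
		|| ( is_user_logged_in() && current_user_can( 'promote_users' ) );
}

function rrg_enforce( $user_id ) {
	$user = get_userdata( $user_id );
	if ( ! $user || ! array_diff( (array) $user->roles, RRG_ALLOWED_ROLES ) ) {
		return; // Unknown user, or only allowed roles: nothing to do.
	}
	$found   = implode( ',', (array) $user->roles );
	$default = get_option( 'default_role', 'subscriber' );
	$safe    = in_array( $default, RRG_ALLOWED_ROLES, true ) ? $default : 'subscriber';
	$user->set_role( $safe ); // Replaces every role the account holds.
	error_log( sprintf(
		'registration-role-guard: user %d registered with role(s) "%s" from %s, reset to "%s"',
		$user_id, $found, $_SERVER['REMOTE_ADDR'] ?? 'unknown', $safe
	) );
}

// Check as soon as the account exists.
add_action( 'user_register', function ( $user_id ) {
	if ( rrg_trusted_caller() ) {
		return;
	}
	$GLOBALS['rrg_new_users'][] = (int) $user_id;
	rrg_enforce( $user_id );
}, PHP_INT_MAX );

// Check again at the end of the request, in case the role was assigned
// in a separate call after the account was created.
add_action( 'shutdown', function () {
	foreach ( $GLOBALS['rrg_new_users'] as $user_id ) {
		rrg_enforce( $user_id );
	}
} );
```

The `error_log` entries double as a detection signal: each line records a registration that asked for a role outside the allow-list.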
Source: This report was generated using AI