CVE-2025-23477
Published: 21 January 2025
Description
Missing Authorization vulnerability in realtyworkstation Realty Workstation realty-workstation allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Realty Workstation: from n/a through <= 1.0.45.
Security Summary
CVE-2025-23477 is a missing authorization vulnerability in the Realty Workstation WordPress plugin (realty-workstation), affecting all versions up to and including 1.0.45. The flaw allows attackers to access functionality not properly constrained by access control lists (ACLs), as classified under CWE-862. It has a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L), indicating high severity due to network accessibility, low attack complexity, and no prerequisite privileges or user interaction.
Unauthenticated remote attackers can exploit this vulnerability over the network to gain unauthorized access to restricted functionality. Successful exploitation enables high integrity impacts, such as modifying data or configurations, alongside low availability effects, without compromising confidentiality.
The Patchstack advisory documents this broken access control issue in Realty Workstation plugin version 1.0.45 and provides further details on the vulnerability. Security practitioners should consult the advisory at https://patchstack.com/database/Wordpress/Plugin/realty-workstation/vulnerability/wordpress-realty-workstation-plugin-1-0-45-broken-access-control-vulnerability?_s_id=cve for mitigation guidance, such as applying available patches or updates.
Details
- CWE(s)