Key Vulnerability Information CVE: CVE-2025-11985 CVSS: 8.8 (High) Publicly Published: November 20, 2025 Last Updated: November 21, 2025 Researcher: kr0d Description This vulnerability affects the Realty Portal plugin for WordPress. It involves Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update in versions <= 0.4.1. Vulnerability Details Software Type: Plugin Software Slug: realty-portal Patched?: No Remediation: No known patch available. Review vulnerability details and consider mitigations or uninstalling the affected software. Affected Versions: 0.1 - 0.4.1 References plugins.trac.wordpress.org cwe.mitre.org developer.wordpress.org