Home / Vulnerability Intelligence / CVE-2025-14892

CVE-2025-14892 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 12, 2026

Prime Listing Manager WordPress - Authentication Bypass

Published: February 12, 2026Updated: February 12, 2026Remote Exploitable

Overview

Prime Listing Manager WordPress plugin through 1.1 contains a broken authentication caused by a hardcoded secret, letting attackers gain administrative access without an account and perform unauthorized actions.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 4.1%(Probability of exploitation in next 30 days)

Impact

Attackers can gain administrative access and perform unauthorized actions, compromising the entire site.

Mitigation

Update to the latest version.

References

https://wpscan.com/vulnerability/d12332ec-1d0c-4ff5-94e0-7c4470bdb79c/

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 12, 2026

🔴 CVE-2025-14892 - Critical (9.8) The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-14892/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-14892
Severity: Critical
CVSS Score: 9.8
Type: broken_authentication
Status: unconfirmed
EPSS: 4.1%
Social Posts: 1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

4.1%Probability of exploitation in the next 30 days