
RealHomes CRM 1.0.1 security patch (CVE-2025-67968)

Security Patch Release
1 unique source, 1 article

Summary


Developers released RealHomes CRM 1.0.1 to fix CVE-2025-67968, a file-upload flaw affecting versions 1.0.0 and earlier on WordPress sites. The bug let Subscriber-level users upload arbitrary files through a CSV import path, creating a route to malicious code upload and possible site takeover. The patch adds a current_user_can check and wp_check_filetype validation to restrict who can upload and what can be uploaded.


Timeline

  1. 22.01.2026 17:10 · 1 article

    RealHomes CRM CVE-2025-67968 file-upload flaw disclosed

    Technical Analysis Update

    Researchers identified CVE-2025-67968 in RealHomes CRM versions 1.0.0 and earlier. Logged-in users at Subscriber level or higher could upload arbitrary files through a CSV import feature because the AJAX upload handler lacked privilege checks and file-type validation. This created a path to malicious code upload and full site takeover on WordPress sites using the RealHomes theme.

  2. 22.01.2026 17:10 · 2 articles

    RealHomes CRM 1.0.1 release adds upload controls

    Mitigation Patch Update

    In response to CVE-2025-67968, InspiryThemes released RealHomes CRM 1.0.1 with a current_user_can capability check and wp_check_filetype validation so only authorised users can access the upload feature and only permitted file types and extensions can be written to the server.
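
The two controls named in the timeline, applied to a WordPress AJAX CSV upload handler. This is an added illustration, not RealHomes CRM's code: the hook, function, form field and nonce names are hypothetical, and the `manage_options` capability and the nonce check are assumptions the page does not describe.

```php
<?php
// Added illustration; hook, function, field and nonce names are hypothetical.

// wp_ajax_* hooks fire for ANY logged-in user, Subscribers included, so the
// handler itself has to enforce authorization.
add_action( 'wp_ajax_example_crm_import_csv', 'example_crm_import_csv' );

function example_crm_import_csv() {
    // Control 1: capability check. 'manage_options' is an assumed choice;
    // the page does not say which capability the patch requires.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // CSRF protection, standard for AJAX handlers (not described on the page).
    check_ajax_referer( 'example_crm_import', 'nonce' );

    if ( empty( $_FILES['csv_file'] ) || UPLOAD_ERR_OK !== $_FILES['csv_file']['error'] ) {
        wp_send_json_error( array( 'message' => 'No file uploaded' ), 400 );
    }

    // Control 2: file-type allow-list. wp_check_filetype() matches the file
    // name's extension against the list and returns false for 'ext' and
    // 'type' when nothing matches, so a name ending in .php is rejected here.
    $allowed = array( 'csv' => 'text/csv' );
    $check   = wp_check_filetype( $_FILES['csv_file']['name'], $allowed );
    if ( 'csv' !== $check['ext'] ) {
        wp_send_json_error( array( 'message' => 'Only .csv files are accepted' ), 415 );
    }

    // Let WordPress move the file; it applies the same allow-list again and
    // sanitizes the stored file name.
    if ( ! function_exists( 'wp_handle_upload' ) ) {
        require_once ABSPATH . 'wp-admin/includes/file.php';
    }
    $moved = wp_handle_upload(
        $_FILES['csv_file'],
        array( 'test_form' => false, 'mimes' => $allowed )
    );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( array( 'message' => $moved['error'] ), 400 );
    }

    wp_send_json_success( array( 'file' => basename( $moved['file'] ) ) );
}
```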
