How to fix CVE-2025-14892?

Within 24 hours: Identify all WordPress installations using Prime Listing Manager plugin and document affected systems; immediately disable the plugin if business operations permit. Within 7 days: Audit administrative access logs for unauthorized logins; conduct forensic review for signs of compromise; review file integrity and database changes. Within 30 days: Replace Prime Listing Manager with alternative listing solution or await vendor security patch; implement Web Application Firewall (WAF) rules to block exploit attempts if plugin cannot be immediately removed.

Is PHP affected by CVE-2025-14892?

CVE-2025-14892 is a critical vulnerability affecting Prime Listing Manager WordPress plugin versions up to 1.1 that allows unauthenticated attackers to gain full administrative access to affected WordPress installations.

CVE-2025-14892

CRITICAL

2026-02-12 [email protected]

9.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 12, 2026 - 06:16 nvd

CRITICAL 9.8

Description

The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret.

Analysis

Privilege escalation in Prime Listing Manager WordPress plugin through 1.1 allows unauthenticated administrative access.

Technical Context

Unauthenticated privilege escalation to admin.

Affected Products

['Prime Listing Manager WordPress plugin <= 1.1']

Remediation

Update or remove the plugin.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +49

POC: 0

CVE-2025-14892 vulnerability details – vuln.today

Back

CVE-2025-14892

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-14892

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code