Unauthorized Access Vulnerability in Essential WP Real Estate Plugin for WordPress
CVE-2024-13318

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Essential WP Real Estate
Vendor: CVE Published:; 10 January 2025

Summary

The Essential WP Real Estate plugin for WordPress presents a security risk due to a missing capability check in the cl_delete_listing_func() function. This vulnerability allows unauthenticated attackers to gain unauthorized access and delete arbitrary pages and posts, potentially compromising the integrity of the website. Users are urged to update their installations to secure their sites against these unauthorized actions.

Affected Version(s)

Essential WP Real Estate * <= 1.1.3

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/essential-wp-r...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 10, 2025
Vulnerability Reserved
Jan 9, 2025

Credit

Thanh Nam Tran