Unrated severityNVD Advisory· Published Apr 22, 2021· Updated Aug 3, 2024

Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR

CVE-2021-24238

Description

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.

Affected products

Purethemes/Realteov5
Range: 1.2.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Findeo-WordPress-Theme-v1.3.0.txtmitrex_refsource_MISC
m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Realteo-WordPress-Plugin-v1.2.3.txtmitrex_refsource_MISC
wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5mitrex_refsource_CONFIRM
www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000