Medium severity6.5NVD Advisory· Published Apr 22, 2021· Updated Jun 17, 2026
CVE-2021-24238
CVE-2021-24238
Description
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 1.2.4
Patches
Vulnerability mechanics
References
4- wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5nvdExploitThird Party Advisory
- www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/nvdRelease NotesVendor Advisory
- m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Findeo-WordPress-Theme-v1.3.0.txtnvd
- m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Realteo-WordPress-Plugin-v1.2.3.txtnvd
News mentions
0No linked articles in our index yet.