Medium severity5.3NVD Advisory· Published Apr 24, 2025· Updated Apr 15, 2026

CVE-2024-13307

Description

The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'reales_delete_file', 'reales_delete_file_plans', 'reales_add_to_favourites', and 'reales_remove_from_favourites' functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.

Affected products

WordPress/Wp Realestatellm-fuzzy
Range: <=2.1.2
Package: https://wordpress.org/plugins/wp-realestate

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

themeforest.net/item/reales-wp-real-estate-wordpress-theme/10330568nvd
www.wordfence.com/threat-intel/vulnerabilities/id/cb94caa4-35a4-4aa3-8d25-263bbd58072anvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000