CVE-2024-13421

Published: Feb 12, 2025Modified: Feb 25, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: security@wordfence.com (Secondary)

Description

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.

Affected (1)

Products: Contempothemes: Real Estate 7

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Contempothemes Real Estate 7	Before 3.5.2

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References (3)

https://contempothemes.com/changelog/

Source: security@wordfence.com

Release Notes

https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778

Source: security@wordfence.com

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve

Source: security@wordfence.com

Third Party Advisory

Timeline

No history available yet.