Summary: The RealHome theme and Easy Real Estate plugins for WordPress contain critical vulnerabilities that allow unauthenticated users to gain administrative privileges. Despite being reported in September 2024, the vendor has not addressed these issues, leaving them exploitable. Website owners are urged to disable the affected theme and plugin to mitigate risks.
Threat Actor: Unspecified | Unspecified
Victim: WordPress Users | WordPress Users
Keypoints :
- Two critical vulnerabilities (CVE-2024-32444 and CVE-2024-32555) allow privilege escalation for unauthenticated users.
- The RealHome theme is used in approximately 32,600 websites, making it a significant target.
- Website owners are advised to disable the affected theme and plugin immediately to prevent exploitation.