Critical vulnerabilities found in WordPress real estate plugins
/ 1 min read
🏚️ Critical vulnerabilities in popular WordPress real estate plugins expose sites to attacks. The RealHome theme and Easy Real Estate plugins for WordPress contain two critical flaws that allow unauthenticated users to gain administrative privileges, as discovered by Patchstack in September 2024. Despite notifying the vendor, InspiryThemes, no security fixes have been implemented in subsequent updates. The first flaw (CVE-2024-32444) allows attackers to register as administrators, while the second (CVE-2024-32555) enables login via social media without proper verification. With the RealHome theme used on over 32,600 websites, experts recommend disabling these plugins and restricting user registration to mitigate potential exploitation. Immediate action is essential as threat actors may actively seek to exploit these vulnerabilities.
