CVE-2024-13421

Published Feb 12, 2025

Last updated 3 days ago

CVSS critical 9.8

Overview

Description: The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

security@wordfence.com: CWE-266
nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

CVE-2024-13421 The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not prope… https://t.co/isiXP5yuPz
@CVEnew
12 Feb 2025
432 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:contempothemes:real_estate_7:*:*:*:*:*:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B9F8431-754A-4DDE-A170-988CAE7C66E3",
            "versionEndExcluding": "3.5.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References