CVE-2024-12329

CWE-200 — Information Exposure3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 46.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

G5plus Essential Real Estate G5theme Essential Real Estate

Timeline

PublishedDec 12

Description

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDg5plus/essential_real_estate< 5.1.7

▶CVEListV5g5theme/essential_real_estate5.1.6

Patches

Patch: plugins.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-9pc4-9w75-xg97: The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post ty↗2024-12-12

▶

CVEList

Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure↗2024-12-12

▶