The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
Metrics
Affected Vendors & Products
References
History
Thu, 12 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 12 Dec 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | |
Title | Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-12T06:46:35.297Z
Updated: 2024-12-12T14:46:16.727Z
Reserved: 2024-12-06T21:32:09.785Z
Link: CVE-2024-12329
Vulnrichment
Updated: 2024-12-12T14:46:12.088Z
NVD
Status : Received
Published: 2024-12-12T07:15:10.607
Modified: 2024-12-12T07:15:10.607
Link: CVE-2024-12329
Redhat
No data.