Lucene search
WPScanCVELIST:CVE-2021-24238HistoryApr 22, 2021 - 9:00 p.m.
CVE-2021-24238 Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-04-2221:00:51
CWE-284
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
44.3%
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
CNA Affected
[
{
"product": "Realteo",
"vendor": "PureThemes",
"versions": [
{
"lessThan": "1.2.4",
"status": "affected",
"version": "1.2.4",
"versionType": "custom"
}
]
},
{
"product": "Findeo",
"vendor": "PureThemes",
"versions": [
{
"lessThan": "1.3.1",
"status": "affected",
"version": "1.3.1",
"versionType": "custom"
}
]
}
]References
m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Findeo-WordPress-Theme-v1.3.0.txt
m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Realteo-WordPress-Plugin-v1.2.3.txt
wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5
www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/
Related
nvd
nvd
CVE-2021-24238
2021-04-22 21:15:09
wpvulndb
wpvulndb
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-03-31 00:00:00
prion
prion
Design/Logic Flaw
2021-04-22 21:15:00
wpexploit
wpexploit
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-03-31 00:00:00
cve
cve
CVE-2021-24238
2021-04-22 21:15:09