Lucene search

CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion

🗓️ 04 Jun 2024 05:15:32Reported by WordfenceType

Essential Real Estate plugin CVE-2024-4274 allows unauthorized deletion of attachment

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 6
Vulnrichment	CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion	4 Jun 202405:32	–	vulnrichment
Patchstack	WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)	4 Jun 202400:00	–	patchstack
WPVulnDB	Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion	3 Jun 202400:00	–	wpvulndb
CVE	CVE-2024-4274	4 Jun 202406:15	–	cve
NVD	CVE-2024-4274	4 Jun 202406:15	–	nvd
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 3, 2024 to June 9, 2024)	13 Jun 202415:35	–	wordfence

[
  {
    "vendor": "g5theme",
    "product": "Essential Real Estate",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.4.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/essential-real-estate/trunk/public/partials/property/class-ere-property.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/7dc41eb7-5c9a-4a67-902d-9a855840668b

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Jun 2024 05:32Current

4.5Medium risk

Vulners AI Score4.5

CVSS34.3

EPSS0.00203