Lucene search
PRIOn knowledge basePRION:CVE-2021-24238HistoryApr 22, 2021 - 9:15 p.m.
Design/Logic Flaw
2021-04-2221:15:00
PRIOn knowledge base
www.prio-n.com
8
0.001 Low
EPSS
Percentile
44.4%
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.
References
m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme-v1.3.0.txt
m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plugin-v1.2.3.txt
wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5
www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/
Related
cvelist
cvelist
CVE-2021-24238 Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-04-22 21:00:51
nvd
nvd
CVE-2021-24238
2021-04-22 21:15:09
wpvulndb
wpvulndb
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-03-31 00:00:00
cve
cve
CVE-2021-24238
2021-04-22 21:15:09
wpexploit
wpexploit
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
2021-03-31 00:00:00