Real estate website admins using the RealHome Theme and plugin on WordPress need to prioritize securing their sites due to existing vulnerabilities in the theme. The developers have not yet addressed these vulnerabilities, leaving websites using the theme susceptible to security risks.
RealHome Theme And WordPress Plugin Vulnerabilities Need Attention
A recent discovery by researchers at Patchstack revealed multiple security vulnerabilities in the RealHome Theme and its associated Easy Real Estate plugin, posing a threat to numerous WordPress websites.
Two significant vulnerabilities were identified by the researchers:
- CVE-2024-32444 (critical severity; CVSS 9.8): A missing nonce check in the code handling user input could lead to privilege escalation in the RealHome Theme. The vulnerability allows users to create new accounts with admin roles, posing a serious security risk.
- CVE-2024-32555 (critical severity; CVSS 9.8): Another privilege escalation vulnerability was found in the Easy Real Estate Plugin, enabling unauthorized users to log in as admin without needing the password.
The vulnerabilities were discovered in plugin version 4.3.3, and although they were reported to the developers, no patches have been released yet.
With the vulnerabilities now public knowledge, users are advised to disable the RealHome Theme and Easy Real Estate plugin until patched versions are available.
As a precaution, users should implement strict whitelisting of user inputs and restrict user account creation to prevent unauthorized access.
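One way to apply the role whitelisting and registration restriction described above is a small must-use plugin, shown here as an added example that is not code from Patchstack or the theme's developers. The constant and function names are hypothetical, and it assumes the requested role is assigned inside the `wp_insert_user()` call that creates the account.

```php
<?php
/**
 * Plugin Name: Registration role allowlist (added example, not vendor code)
 *
 * Drop into wp-content/mu-plugins/ so it loads no matter which theme or
 * plugins are active.
 */

// Assumption: self-registered accounts may only ever hold these roles.
const EXAMPLE_SELF_REGISTER_ROLES = array( 'subscriber' );
// Assumption: role to fall back to when a disallowed role was requested.
const EXAMPLE_FALLBACK_ROLE = 'subscriber';

// Report registration as closed to any code that consults the core option.
// Handlers that never read this option are not affected by it.
add_filter( 'pre_option_users_can_register', '__return_zero' );

/**
 * Fires after wp_insert_user() creates an account. Unless a logged-in user
 * with the create_users capability (or WP-CLI) created it, any role outside
 * the allowlist is replaced with the fallback role.
 */
function example_clamp_registration_role( $user_id ) {
	if ( defined( 'WP_CLI' ) && WP_CLI ) {
		return; // Created from the server's command line.
	}
	if ( is_user_logged_in() && current_user_can( 'create_users' ) ) {
		return; // Created by an administrator in the dashboard.
	}

	$user = get_userdata( $user_id );
	if ( ! $user ) {
		return;
	}

	$disallowed = array_diff( (array) $user->roles, EXAMPLE_SELF_REGISTER_ROLES );
	if ( empty( $disallowed ) ) {
		return;
	}

	$user->set_role( EXAMPLE_FALLBACK_ROLE );
	error_log( sprintf(
		'[role-allowlist] user %d registered with role(s) "%s"; reset to "%s"',
		$user_id,
		implode( ',', $disallowed ),
		EXAMPLE_FALLBACK_ROLE
	) );
}
add_action( 'user_register', 'example_clamp_registration_role', 1 );
```

This covers only the account-creation path and does nothing for the password-less login issue in the Easy Real Estate plugin, so disabling the theme and plugin remains the primary step. The `error_log()` entries double as a signal that someone attempted to register with an elevated role.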