Essential Real Estate
CVE-2024-12329
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (wordfence) · only source for this CVE.
CVSS VectorVendor: wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
AnalysisAI
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs Affected products include: G5Plus Essential Real Estate.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
More in Essential Real Estate
View allThe Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, whi
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, whi
The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type val
The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow
The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_proper
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation
Same weakness CWE-200 – Information Exposure
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today