WordPress Plugin Vulnerabilities

WordPress Easy Real Estate Plugin < 2.3.0 - Privilege Escalation

Description

WordPress Easy Real Estate Plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to gain access to accounts with administrative level access.

Affects Plugins

Plugin icon
easy-real-estate
Fixed in 2.3.0

References

CVE
CVE-2024-32555
URL
https://patchstack.com/database/wordpress/plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
luc (Patchstack Alliance)
Verified
No
WPVDB ID
838e0685-6fc2-4f34-babb-8375a598c92e

Timeline

Publicly Published
2025-01-20 (about 1 year ago)
Added
2025-01-24 (about 1 year ago)
Last Updated
2026-03-07 (about 28 days ago)

Other

Published
Title
Published
2024-12-19
Title
SSL Wireless SMS Notification < 3.7.0 - Unauthenticated Privilege Escalation
Published
2016-02-10
Title
Woocommerce Exporter < 1.8.4 - Privilege Esclation
Published
2020-05-14
Title
Login/Signup Popup < 1.5 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2025-10-21
Title
King Addons for Elementor < 51.1.37 - Unauthenticated Privilege Escalation
Published
2025-08-18
Title
Real Spaces - WordPress Properties Directory Theme < 3.6.1 - Unauthenticated Privilege Escalation to Administrator via 'imic_agent_register'