Hey there, WordPress admins! If you’re using the RealHome Theme and plugin for your real estate website, it’s crucial to take steps to secure your site. Unfortunately, there are known vulnerabilities in the theme that could leave your website exposed to potential security threats.
Unpatched Vulnerabilities in RealHome Theme and WordPress Plugin
Recently, researchers from Patchstack uncovered several security vulnerabilities in the RealHome Theme and its associated Easy Real Estate plugin, putting countless WordPress websites at risk.
Two critical vulnerabilities were identified:
- CVE-2024-32444 (critical severity; CVSS 9.8): This vulnerability in the RealHome Theme could lead to privilege escalation as it lacked proper checks for user input. Attackers could exploit this flaw to create new admin accounts, posing a significant threat to website security.
- CVE-2024-32555 (critical severity; CVSS 9.8): Another critical vulnerability was found in the Easy Real Estate Plugin, allowing unauthorized users to log in as admin using just the email address, without requiring a password.
The vulnerabilities were discovered in plugin version 4.3.3, but despite notifications to the developers, the issues remain unpatched as of now.
As a precaution, it’s recommended to disable the RealHome Theme and Easy Real Estate plugin until patched versions are released. Additionally, implementing strict input whitelisting and user account restrictions can help mitigate potential risks.
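Because both flaws end in an attacker holding an administrator account, it is worth auditing the administrator list while the components stay disabled. The script below is an added example, not code from the original post or from Patchstack: it checks a WP-CLI JSON export of administrators against an allowlist. The allowlist, the review date and the sample export are constructed assumptions to replace with your own values.

```python
import json
from datetime import datetime

# Constructed sample, in the shape produced by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
  "user_registered": "2021-03-14 09:12:44"},
 {"ID": 7, "user_login": "agency_dev", "user_email": "dev@example.com",
  "user_registered": "2023-11-02 16:40:05"},
 {"ID": 52, "user_login": "wp_support1", "user_email": "x91k@example.net",
  "user_registered": "2025-01-20 03:17:31"}
]"""

# Assumption: administrators you expect, mapped to the email you have on record.
KNOWN_ADMINS = {
    "siteowner": "owner@example.com",
    "agency_dev": "dev@agency.example",
}
# Assumption: start of the period you want to review (placeholder date).
REVIEW_SINCE = datetime(2024, 1, 1)


def audit_admins(export_json, known_admins, review_since):
    """Return [(ID, login, [reasons])] for administrator accounts needing review."""
    findings = []
    for user in json.loads(export_json):
        login = user["user_login"]
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login not in known_admins:
            reasons.append("not on admin allowlist")
        elif user["user_email"].lower() != known_admins[login].lower():
            # An altered address matters here because one flaw keys login on email.
            reasons.append("email differs from allowlist")
        if registered >= review_since:
            reasons.append("registered on or after review date")
        if reasons:
            findings.append((int(user["ID"]), login, reasons))
    return findings


if __name__ == "__main__":
    for uid, login, reasons in audit_admins(SAMPLE_EXPORT, KNOWN_ADMINS, REVIEW_SINCE):
        print(f"REVIEW user {uid} ({login}): {'; '.join(reasons)}")
```

Any account it reports should be confirmed with its owner, or removed and its sessions invalidated, before the site goes back into normal use.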