Vulnerabilities

CVE-2024-13318

by Fred · 10/01/2025

The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.

More information : https://plugins.trac.wordpress.org/browser/essential-wp-real-estate/trunk/src/Common/Ajax/Ajax.php#L724

Similar

Tags: Cybersecurity Alert