CVE-2021-24238

CVE-2021-24238: Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR

Vendor Purethemes

Product Realteo

Weakness CWE-284

Published April 22, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.

Key dates

02Disclosure timeline

April 22, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24238

Related vulnerabilities

Identifiers

CVE CVE-2021-24238

CWE CWE-284

Affected versions

Vendor Purethemes

Product Realteo

Affected ≥ 1.2.4 and < 1.2.4

Vendor Purethemes

Product Findeo

Affected ≥ 1.3.1 and < 1.3.1

CVE-2021-24238: Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR

01Description

02Disclosure timeline

03References

04Related CVE