What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.
Explanation of Vulnerability in Simple Terms
RealHomes versions 4.3.6 and earlier contain a critical vulnerability that allows unauthenticated attackers to read sensitive data, modify site content, or disrupt service without any user interaction. The vulnerability stems from improper privilege enforcement in the application. All sites running affected versions require immediate patching.
What an attacker can do
Read sensitive data, modify or delete content, and disrupt site availability without logging in.
Potential impact on your site
Your site's data, content, and availability are at immediate risk from remote attackers.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources