WordPress Real-Estate Plugin Vulnerability Exposes 32k+ Websites To Cyberattack
A severe security flaw has been discovered in the popular RealHomes WordPress theme and its accompanying plugin, Easy Real Estate, threatening the security of over 23,000 websites.
These vulnerabilities, classified as unauthenticated privilege escalation issues, have been assigned critical severity scores of 9.8 on the CVSS scale and are tracked as CVE-2024-32444 and CVE-2024-32555, respectively.
Since no fix is available at this time, users of the theme and plugin are advised to disable them temporarily until the issue is addressed.
The RealHomes Theme Vulnerability
With around 32,000 sales, the RealHomes theme (paid version) is one of the most popular premium themes built specifically for real estate websites. Its advanced features and customizability make it a common choice among realtors.
However, a critical flaw in its inspiry_ajax_register function allows attackers to escalate privileges without authentication.
The vulnerability stems from improper validation of user inputs during account registration. Specifically:
- The function fails to enforce authorization or nonce verification.
- Attackers can manipulate the $user_role parameter in HTTP requests to assign themselves administrative privileges.
This flaw enables attackers to take full control of a website by creating administrator accounts, allowing them to modify content, inject malicious scripts, or access sensitive user data.
Patchstack identified this issue in version 4.3.3 of the theme and assigned it CVE-2024-32444.
The Easy Real Estate Plugin Vulnerability
The Easy Real Estate plugin, bundled with the RealHomes theme, contains a similar privilege escalation flaw in its social login functionality.
Tracked as CVE-2024-32555, this vulnerability allows attackers to log into any user account by exploiting insufficient email verification during login requests.
The ere_social_register function fails to verify ownership of the email address provided. An attacker only needs an administrator’s email address to gain unauthorized access.
This issue can lead to devastating consequences similar to those of the RealHomes theme vulnerability, including a complete site takeover.
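As an added illustration (not code from RealHomes, Easy Real Estate, or Patchstack), the following shows hardened counterparts to the two patterns described above: an AJAX registration handler that verifies a nonce and never takes the role from the request, and a social login handler that only logs in the account whose email the identity provider has verified. The handler names and the verify_with_provider() helper are hypothetical; everything else is standard WordPress API.

```php
<?php
// Added illustration, not RealHomes or Easy Real Estate code. Hypothetical handlers
// showing the hardened counterpart of the two flaws the article describes.

// Hardened AJAX registration: nonce check, server-chosen role, sanitized inputs.
function hardened_ajax_register() {
    // Rejects the request (HTTP 403) unless a valid nonce is posted as "nonce".
    check_ajax_referer( 'hardened_register', 'nonce' );
    if ( ! get_option( 'users_can_register' ) ) {
        wp_send_json_error( 'Registration is disabled.', 403 );
    }

    $username = sanitize_user( wp_unslash( $_POST['username'] ?? '' ), true );
    $email    = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $password = (string) wp_unslash( $_POST['password'] ?? '' );
    if ( '' === $username || ! is_email( $email ) || strlen( $password ) < 12 ) {
        wp_send_json_error( 'Invalid registration data.', 400 );
    }

    $user_id = wp_create_user( $username, $password, $email );
    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }

    // The role comes from site configuration, never from $_POST.
    ( new WP_User( $user_id ) )->set_role( get_option( 'default_role', 'subscriber' ) );
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
add_action( 'wp_ajax_nopriv_hardened_register', 'hardened_ajax_register' );

// Hardened social login: the email is taken from the identity provider's verified
// profile, not from the request. verify_with_provider() is a hypothetical helper
// that exchanges the provider token server-side and returns the profile or null.
function hardened_social_login() {
    $token   = (string) wp_unslash( $_POST['provider_token'] ?? '' );
    $profile = verify_with_provider( $token );
    if ( null === $profile || empty( $profile['email_verified'] ) ) {
        wp_send_json_error( 'Identity could not be verified.', 401 );
    }

    $user = get_user_by( 'email', $profile['email'] );
    if ( ! $user ) {
        wp_send_json_error( 'No account for this identity.', 404 );
    }

    wp_set_auth_cookie( $user->ID, false, is_ssl() ); // only after ownership is proven
    wp_send_json_success( array( 'user_id' => $user->ID ) );
}
add_action( 'wp_ajax_nopriv_hardened_social_login', 'hardened_social_login' );
```

The two points to check in any registration or login handler are that no request parameter ever selects the role, and that wp_set_auth_cookie() is reached only after the identity behind the email has actually been proven.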
Recommended Actions
- Disable Affected Components: Users are strongly advised to deactivate both the RealHomes theme and Easy Real Estate plugin until patches are available.
- Use Security Solutions: Patchstack customers are already protected through virtual patching mechanisms.
- Monitor for Updates: Continuously check for vendor updates or consider switching to alternative themes and plugins with robust security practices.
These vulnerabilities highlight the importance of rigorous input validation and secure coding practices in WordPress themes and plugins.
Developers must guard calls to functions like wp_set_auth_cookie() with strict checks and must not accept user input for sensitive parameters such as roles or metadata without proper validation.
Website administrators using the RealHomes theme or Easy Real Estate plugin must act immediately to mitigate risks while awaiting vendor action.
For enhanced protection against such threats, consider using third-party security solutions that offer proactive vulnerability patching.
The post WordPress Real-Estate Plugin Vulnerability Exposes 32k+ Websites To Cyberattack appeared first on Cyber Security News.