CVE-2024-12329: Essential Real Estate <= 5.1.6 - Missing Authorization to Authenticated (Contributor+) Information Exposure

Published Dec 12, 2024

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs.

Affected Software

2 affected components
Essential Real Estate Essential Real Estate <= 5.1.6
G5plus Essential Real Estate Wordpress < 5.1.7

Event History

Dec 12, 2024
CVE Published via MITRE, 06:46 AM
Data Sourced via MITRE, 06:46 AM: Description, Severity, Weakness
Data Sourced via NVD, 07:15 AM: Description, Severity, Weakness
Frequently Asked Questions

1. What is the severity of CVE-2024-12329?

The severity of CVE-2024-12329 is considered high due to the risk of unauthorized data access by authenticated attackers.

2. How do I fix CVE-2024-12329?

To fix CVE-2024-12329, update the Essential Real Estate plugin to version 5.1.7 or later, where the capability checks have been implemented.

3. Who is affected by CVE-2024-12329?

Authenticated users with Contributor-level access are affected by CVE-2024-12329, as they can exploit the vulnerability to access unauthorized data.

4. What versions of the Essential Real Estate plugin are impacted by CVE-2024-12329?

All versions of the Essential Real Estate plugin up to and including 5.1.6 are impacted by CVE-2024-12329.

5. What is the type of vulnerability in CVE-2024-12329?

CVE-2024-12329 is a vulnerability related to unauthorized access due to missing capability checks.

© 2026 SecAlerts Pty Ltd.