CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

April 24, 2025

CVE ID : CVE-2024-13307

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The Reales WP – Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘reales_delete_file’, ‘reales_delete_file_plans’, ‘reales_add_to_favourites’, and ‘reales_remove_from_favourites’ functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2579 – Lottie Player WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-12244 – GitLab EE Information Disclosure

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Development tool updates from WWDC: Foundation Models framework, Xcode 26, Swift 6.2, and more

Decoding The SVG path Element: Line Commands

Your favorite AI chatbot is lying to you all the time

Your CarPlay is getting a major overhaul on iOS 26: 3 new features arriving to your dashboard

Every iPad model that supports iPadOS 26 (and which ones won’t be compatible)

Why I recommend this Lenovo Android tablet to most people – especially at this price

Community News: Latest PECL Releases (06.10.2025)

Community News: Latest PECL Releases (06.10.2025)

SOLID Design Principles Every JavaScript Deveveloper Should Know

Perficient Boldly Advances Business Through Technology Partnerships and Collaborative Innovation

Final Fantasy XVI launches on Xbox, and FF VII Remake Intergrade is coming this winter

Final Fantasy XVI launches on Xbox, and FF VII Remake Intergrade is coming this winter

PowerToys Run adds Internet speed test, video downloader & more

Not Rumor Anymore: Persona 4 Revival Announced At Xbox Games Showcase 2025

CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

Critical Wazuh bug exploited in growing Mirai botnet infection

The June 2025 Security Update Review

Enhancing Numeric Validation with Laravel’s Fluent Rule Interface

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

CVE-2025-5441 – Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 Os Command Injection Vulnerability

DistroWatch Weekly, Issue 1121

CVE-2025-39389 – Solid Plugins AnalyticsWP SQL Injection

This crazy throwback to old-school ninja action games just got even crazier with its latest trailer, as it heads to Xbox and PC this summer

My Favorite Obsidian Plugins and Their Hidden Settings

CVE-2025-47733 – Microsoft Power Apps SSRF Vulnerability

CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

Related Posts