CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

April 24, 2025

CVE ID : CVE-2024-13307

Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago

Description : The Reales WP – Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘reales_delete_file’, ‘reales_delete_file_plans’, ‘reales_add_to_favourites’, and ‘reales_remove_from_favourites’ functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2579 – Lottie Player WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2024-12244 – GitLab EE Information Disclosure

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AMD Radeon graphics driver brings FSR 4 support to The Elder Scrolls IV: Oblivion Remastered and Assassin’s Creed Shadows

What is Model Context Protocol? The emerging standard bridging AI and data, explained

Netflix introduces a new ‘dialogue only’ subtitles option (crowd cheers)

I’ve never worn a pair of headphones quite like these – and they’re a swimmer’s delight

Closing Deals Faster: The Future of Sales with AI & Personalization

Closing Deals Faster: The Future of Sales with AI & Personalization

Perficient Wins Organization of the Year in the 2025 Customer Service Excellence Awards

Bring back the fun with p5.js 2.0

AMD Radeon graphics driver brings FSR 4 support to The Elder Scrolls IV: Oblivion Remastered and Assassin’s Creed Shadows

AMD Radeon graphics driver brings FSR 4 support to The Elder Scrolls IV: Oblivion Remastered and Assassin’s Creed Shadows

Linux Candy: Hidamari is fun video wallpaper for Linux

The Elder Scrolls 4: Oblivion Remastered — Xbox Game Pass, platforms, and everything you need to know

CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

FBC: Firebreak release date revealed — Remedy details co-op “Control” spin-off shooter filled with evil sticky note monsters

CVE-2025-46421 – Apache Libsoup HTTP Authorization Header Exposure Vulnerability

TRC Staffing Data Breach Fallout: Murphy Law Firm Offers Legal Support to Victims

Windows 10 KB5050081 auto installs new Outlook web, direct download .msu with DAC fix

Chinese State-Backed Cyber Espionage Targets Southeast Asian Government

Microsoft AI Releases AutoGen v0.4: A Comprehensive Update to Enable High-Performance Agentic AI through Asynchronous Messaging and Modular Design

AI unleashes more advanced scams. Here’s what to look out for (and how to stay protected)

When can transformers reason with abstract symbols?

CVE-2024-13307 – Reales WP Real Estate WordPress Theme Unauthenticated File Deletion and Authorization Bypass Vulnerability

Related Posts