CVE-2024-13421

{"id": "CVE-2024-13421", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-02-12T05:15:11.653", "references": [{"url": "https://contempothemes.com/changelog/", "tags": ["Release Notes"], "source": "security@wordfence.com"}, {"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-266"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account."}, {"lang": "es", "value": "El tema Real Estate 7 WordPress para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta incluida, 3.5.1. Esto se debe a que el complemento no restringe correctamente los roles que se pueden seleccionar durante el registro. Esto hace posible que atacantes no autenticados registren una nueva cuenta de usuario administrativo."}], "lastModified": "2025-02-25T04:00:16.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contempothemes:real_estate_7:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9B9F8431-754A-4DDE-A170-988CAE7C66E3", "versionEndExcluding": "3.5.2"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}