Platform
wordpress
Component
easy-real-estate
Fixed in
2.2.7
2.3.0
CVE-2024-32555 represents a critical Privilege Escalation vulnerability affecting the Easy Real Estate plugin for WordPress. This flaw allows unauthenticated attackers to elevate their privileges to administrator level, granting them complete control over the affected WordPress site. The vulnerability impacts versions of the plugin up to and including 2.2.9, with a fix available in version 2.3.0.
Successful exploitation of CVE-2024-32555 allows an attacker to bypass authentication and immediately assume administrator privileges. This grants them unrestricted access to the entire WordPress site, including sensitive data such as user credentials, financial information, and customer data. An attacker could modify content, install malicious plugins, redirect users to phishing sites, or even completely deface the website. The potential for data breaches and reputational damage is significant, especially for real estate businesses relying on this plugin to manage listings and client information.
CVE-2024-32555 was publicly disclosed on January 20, 2025. While no public proof-of-concept (PoC) code has been released as of this writing, the critical severity and ease of exploitation suggest a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog, but its severity warrants close monitoring. Given the plugin's popularity, it's likely to become a target for automated exploitation tools.
Real estate businesses and organizations utilizing the Easy Real Estate plugin for WordPress are at significant risk. Specifically, sites running older versions of the plugin (≤2.2.9) and those with limited security monitoring or WAF protection are particularly vulnerable. Shared hosting environments where plugin updates are not consistently managed are also at increased risk.
Detection and remediation commands (WP-CLI; `wp plugin list` prints the plugin slug, so grep for easy-real-estate rather than the display name):
• wordpress / composer / npm: wp plugin list | grep easy-real-estate
• wordpress / composer / npm: wp plugin update --all
• wordpress / composer / npm: wp plugin status | grep easy-real-estate
• wordpress / composer / npm: wp plugin get easy-real-estate --field=version
Exploit Status
EPSS
0.11% (percentile 29%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-32555 is to immediately upgrade the Easy Real Estate plugin to version 2.3.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily restricting access to the WordPress admin panel to trusted users only. While not a complete solution, implementing a Web Application Firewall (WAF) with rules to block suspicious privilege escalation attempts can provide an additional layer of defense. Monitor WordPress access logs for unusual activity, particularly failed login attempts followed by successful administrative actions.
Update to version 2.3.0, or a more recent fixed version
CVE-2024-32555 is a critical vulnerability in the Easy Real Estate WordPress plugin allowing unauthenticated attackers to gain administrator privileges. It affects versions up to 2.2.9, with a CVSS score of 9.8.
Yes, if you are using Easy Real Estate plugin version 2.2.9 or earlier, you are vulnerable to this privilege escalation attack. Check your plugin version immediately.
Upgrade the Easy Real Estate plugin to version 2.3.0 or later to resolve the vulnerability. If immediate upgrade is not possible, restrict admin access and consider WAF rules.
While no public exploits are currently known, the vulnerability's severity and ease of exploitation suggest a high probability of active exploitation. Monitor your systems closely.
Refer to the official Easy Real Estate plugin website or WordPress plugin repository for the latest security advisory and update information regarding CVE-2024-32555.