{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-13421", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-01-15T18:49:58.633Z", "datePublished": "2025-02-12T04:22:15.326Z", "dateUpdated": "2025-02-12T16:09:23.340Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-02-12T04:22:15.326Z"}, "affected": [{"vendor": "contempoinc", "product": "Real Estate 7 WordPress", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "3.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account."}], "title": "Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve"}, {"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"url": "https://contempothemes.com/changelog/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-266 Incorrect Privilege Assignment", "cweId": "CWE-266", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "timeline": [{"time": "2025-02-11T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T16:00:43.346525Z", "id": "CVE-2024-13421", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:09:23.340Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-13421", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-12T16:00:43.346525Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:00:56.479Z"}}], "cna": {"title": "Real Estate 7 WordPress <= 3.5.1 - Unauthenticated Privilege Escalation to Administrator", "credits": [{"lang": "en", "type": "finder", "value": "Lucio S\u00e1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "contempoinc", "product": "Real Estate 7 WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.5.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-02-11T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve"}, {"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"url": "https://contempothemes.com/changelog/"}], "descriptions": [{"lang": "en", "value": "The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266 Incorrect Privilege Assignment"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-02-12T04:22:15.326Z"}}}, "cveMetadata": {"cveId": "CVE-2024-13421", "state": "PUBLISHED", "dateUpdated": "2025-02-12T16:09:23.340Z", "dateReserved": "2025-01-15T18:49:58.633Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-02-12T04:22:15.326Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:contempothemes:real_estate_7:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B9F8431-754A-4DDE-A170-988CAE7C66E3", "versionEndExcluding": "3.5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account."}, {"lang": "es", "value": "El tema Real Estate 7 WordPress para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta incluida, 3.5.1. Esto se debe a que el complemento no restringe correctamente los roles que se pueden seleccionar durante el registro. Esto hace posible que atacantes no autenticados registren una nueva cuenta de usuario administrativo."}], "id": "CVE-2024-13421", "lastModified": "2025-02-25T04:00:16.123", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-02-12T05:15:11.653", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://contempothemes.com/changelog/"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "security@wordfence.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}