CVE-2024-13318
Essential WP Real Estate <= 1.1.3 - Missing Authorization to Arbitrary Post/Page DeletionThe Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.
We have discovered 10 live websites that are affected by CVE-2024-13318.
Affected Software
| Product |  Essential Wp Real Estate |
| Category | Wordpress Plugins |
| Vulnerable Domains | 10 live websites (100% of Essential Wp Real Estate install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Common Weakness Enumeration
CWE-463 Deletion of Data Structure SentinelDetails
- Published - Jan 10, 2025
- Updated - Jan 10, 2025
Credits
- Thanh Nam Tran (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2024-13318 United States | 3 websites |
 Italy | 2 websites |
 Denmark | 1 websites |
 Spain | 1 websites |
 Mexico | 1 websites |
 Singapore | 1 websites |
 Zimbabwe | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2024-13318| .com | 3 websites |
| .it | 2 websites |
| .be | 1 websites |
| .es | 1 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-13318
Top websites that are affected by CVE-2024-13318. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.be | Denmark | *,***,*** | |
| *******.cl | United States | **,***,*** | |
| **********************.it | Italy | **,***,*** | |
| ********.com | United States | **,***,*** | |
| ***********************.it | Italy | **,***,*** | |
| *****.es | Spain | **,***,*** | |
| ************.**.zw | Zimbabwe | **,***,*** | |
| ********.***.mx | Mexico | ***,***,*** | |
| **********.com | United States | ***,***,*** | |
| **************.com | Singapore | ***,***,*** |
FAQ
CVE-2024-13318 is Deletion of Data Structure Sentinel in Essential Wp Real Estate
A total of 10 websites have been identified as vulnerable to CVE-2024-13318, based on global website indexing conducted by WebTechSurvey.
The Essential Wp Real Estate is affected by the CVE-2024-13318 vulnerability.
Essential Wp Real Estate versions up to and including 1.1.3 are vulnerable to CVE-2024-13318.