What is CVE-2021-24238?

CVE-2021-24238 is a vulnerability in Purethemes Findeo, classified under Improper Access Control. Published 2021-04-22.

Is CVE-2021-24238 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Purethemes Findeo

CVE-2021-24238

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tamperi…

EPSS: 0.003 (53.3th percentile) — read the EPSS interpretation.

Affected products

Purethemes Findeo — versions 1.3.1
Purethemes Realteo — versions 1.2.4

Weakness classification (CWE)

CWE-284 — Improper Access Control

Public proof-of-concept exploits

20142995/nuclei-templates

References

www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/ (x_refsource_MISC)
wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5 (x_refsource_CONFIRM)
m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Findeo-WordPress-Theme… (x_refsource_MISC)
m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-284]-Realteo-WordPress-Plug… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-24238?: CVE-2021-24238 is a vulnerability in Purethemes Findeo, classified under Improper Access Control. Published 2021-04-22.
Is CVE-2021-24238 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.