- Patchstack found two flaws in a WordPress theme and plugin from InspiryThemes
- The flaws were not fixed in the last three versions.
- Users are advised to disable the products or restrict the creation of new accounts.
A popular WordPress theme and plugin have been found to contain vulnerabilities that allow malicious actors to escalate their privileges to administrator.
WordPress security researchers at Patchstack revealed that the theme and plugin in question are called RealHomes and Easy Real Estate, both built by InspiryThemes and designed for use in the real estate industry. The vulnerabilities are tracked as CVE-2024-32444 and CVE-2024-32555, and both carry a severity score of 9.8/10 (critical). Both flaws allow malicious actors to escalate their privileges to administrator, gaining full control of the WordPress site and allowing them to install, remove or modify plugins, alter content, exfiltrate sensitive data and more.
Citing Envato Market data, Patchstack says that RealHomes was bought 32,600 times, suggesting that the attack surface is quite large.
No response from InspiryThemes
Patchstack warned website administrators to disable the theme and plugin immediately, since the flaws have existed for months and there is still no patch in sight.
The researchers also say that they tried, on multiple occasions, to contact InspiryThemes and warn them about the flaws. The company reportedly did not respond to their inquiries but, in the meantime, released three new versions of the flawed software. In all three versions, the vulnerabilities were not addressed.
Since the flaws are also present in the most recent versions, Patchstack urged users to deactivate the theme and plugin immediately to mitigate the risk of site takeover. Alternatively, administrators could restrict user registration, since the flaw cannot be exploited in an environment where new accounts cannot be created.
In general, when a flaw becomes public, threat actors begin to look for vulnerable websites, since they can be easily exploited.
WordPress plugins and themes remain one of the most popular targets for cybercriminals, given the enormous popularity of the website-building platform worldwide.
Via BleepingComputer