CVE-2024-32555

Critical

Published: 21 January 2025

Published

21 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0024 46.8th percentile

Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Description

Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9.

Security Summary

CVE-2024-32555 is an Incorrect Privilege Assignment vulnerability (CWE-266) in the Easy Real Estate WordPress plugin developed by InspiryThemes. This flaw enables privilege escalation and affects all versions of the easy-real-estate plugin up to and including 2.2.9.

The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), indicating it is exploitable over the network (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N), and resulting in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H). Unauthenticated remote attackers can leverage this issue to escalate privileges within affected WordPress installations.

Patchstack's advisory (https://patchstack.com/database/Wordpress/Plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve) documents the privilege escalation vulnerability, specifically highlighting it in version 2.2.6, and serves as a key reference for mitigation guidance.

Details

CWE(s): CWE-266

References

https://patchstack.com/database/Wordpress/Plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve
audit@patchstack.com