The Realteo WordPress plugin prior to 1.2.4, used by the Findeo Theme, did not verify that the property requested for deletion belongs to the user making the request, allowing any authenticated user to delete arbitrary properties by tampering with the property_id parameter.
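
The kind of server-side ownership check whose absence is described above, as an added example (this is not Realteo's code). The handler name, the admin-post action, the nonce action string and the `property` post type are assumptions made for illustration.

```php
<?php
// Added example: hypothetical delete handler for a WordPress plugin.
// Assumptions (not taken from Realteo): listings are posts of type
// 'property', and the delete form carries a nonce created with the
// action string 'delete_property_<id>'.

function example_delete_property() {
    // property_id is attacker-controlled input: coerce it to a non-negative integer.
    $property_id = isset( $_POST['property_id'] ) ? absint( $_POST['property_id'] ) : 0;

    // CSRF check, bound to the specific property being deleted.
    $nonce = isset( $_POST['_wpnonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['_wpnonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'delete_property_' . $property_id ) ) {
        wp_die( 'Invalid request.', '', array( 'response' => 403 ) );
    }

    // The ID must resolve to an existing post of the expected type.
    $post = get_post( $property_id );
    if ( ! $post || 'property' !== $post->post_type ) {
        wp_die( 'Property not found.', '', array( 'response' => 404 ) );
    }

    // Ownership check: being logged in is not enough. The current user
    // must be the author of this property, or hold a capability that
    // explicitly allows deleting other users' content.
    $is_owner = ( (int) $post->post_author === get_current_user_id() );
    if ( ! $is_owner && ! current_user_can( 'delete_others_posts' ) ) {
        wp_die( 'You may not delete this property.', '', array( 'response' => 403 ) );
    }

    wp_trash_post( $property_id );

    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : home_url() );
    exit;
}

// admin_post_{action} only fires for logged-in users; no nopriv hook is registered.
add_action( 'admin_post_example_delete_property', 'example_delete_property' );
```

The authorization decision is made against the stored `post_author` of the object the ID resolves to, never against anything the client sends alongside the ID.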
Vulnerable Product |
---|
purethemes findeo |
purethemes realteo |