The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts.
Weakness
The accidental deletion of a data-structure sentinel can cause serious programming logic problems.
Potential Mitigations
- Run or compile the software using features or extensions that automatically provide a protection mechanism that mitigates or eliminates buffer overflows.
- For example, certain compilers and extensions provide automatic buffer overflow detection mechanisms that are built into the compiled code. Examples include the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice.
References