Test ID:	1.3.6.1.4.1.25623.1.0.171110
Category:	Privilege escalation
Title:	WordPress InspiryThemes RealHomes Theme Multiple Privilege Escalation Vulnerabilities (Jan 2025)
Summary:	The WordPress theme RealHomes by InspiryThemes is prone to; multiple privilege escalation vulnerabilities.
Description:	Summary: The WordPress theme RealHomes by InspiryThemes is prone to multiple privilege escalation vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2024-32444: This vulnerability occurs because the code that handles user input doesn't have any authorization or nonce check. If registration is enabled on the settingd any attacker can takeover the website. The theme also doesn't check if the user is calling the inspiry_ajax_register action with a $user_role parameter and has permission to create Administrator role accounts, allowing anyone to generate one. - CVE-2024-32555: Unauthenticated privilege escalation via the social login. Vulnerability Impact: These vulnerabilities allow any unauthenticated user to increase their privileges and take over the WordPress site by performing a series of HTTP requests. Affected Software/OS: All versions of WordPress theme RealHomes by InspiryThemes. Solution: No known solution is available as of 06th February, 2025. Information regarding this issue will be updated once solution details are available. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-32444 Common Vulnerability Exposure (CVE) ID: CVE-2024-32555
Copyright	Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.