So I just saw that the RealHome theme and Easy Real Estate plugin for WordPress have some major security issues. Apparently, they let unauthenticated users gain admin access, which sounds really bad.
Patchstack discovered these flaws back in September 2024, but the company behind them (InspiryThemes) hasn’t responded or fixed them, even though they’ve released three updates since then.
If you’re using these on your real estate website, it looks like you’re at risk. Has anyone found a way to protect their site while waiting for a fix?
Milan said:
I don’t get it… how does this vulnerability actually work?
Basically, there’s a function in the theme that lets people register new accounts. The problem is, it doesn’t check permissions properly. Hackers can use it to make themselves admins.
Uma said:
What’s the best way to protect a site if I can’t switch themes right now?
At the very least, disable new user registration and monitor your site for any suspicious activity. You might also want to use a security plugin like Wordfence.
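Added example, not part of the thread: one way to do the "monitor your site" step suggested above is to audit an export of the user table for administrators you did not create and for accounts that appeared after registration was turned off. It assumes the export comes from WP-CLI (`wp user list --fields=ID,user_login,user_registered,roles --format=csv`); the sample rows, the baseline admin list and the cutoff date are all constructed.

```python
import csv
import io
from datetime import datetime

# Constructed sample of the CSV produced by:
#   wp user list --fields=ID,user_login,user_registered,roles --format=csv
SAMPLE_EXPORT = """ID,user_login,user_registered,roles
1,siteowner,2021-03-14 09:12:44,administrator
7,agent_maria,2023-06-02 15:40:10,editor
52,newlead84,2025-01-20 03:17:09,subscriber
53,wp_support_team,2025-01-20 03:18:31,administrator
54,listing_bot,2025-01-21 11:05:00,"author,administrator"
"""

# Assumptions for this example: the admins you know about, and the moment
# you disabled "Anyone can register" (Settings > General).
KNOWN_ADMINS = {"siteowner"}
REGISTRATION_DISABLED_AT = datetime(2025, 1, 19)


def audit_users(export_csv, known_admins, registration_disabled_at):
    """Return (login, reason) pairs for accounts that need a manual look."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"]
        # A user can hold several roles; WP-CLI joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")

        if "administrator" in roles and login not in known_admins:
            # Highest priority: an admin that is not in the baseline.
            findings.append((login, "unexpected administrator"))
        elif registered >= registration_disabled_at:
            # No new account should exist once registration is off.
            findings.append((login, "created after registration was disabled"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_users(SAMPLE_EXPORT, KNOWN_ADMINS, REGISTRATION_DISABLED_AT):
        print(f"REVIEW {login}: {reason}")
```

Run it on a schedule against a fresh export and treat any "unexpected administrator" line as an incident until you have confirmed who created the account.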