Cyber Posture

CVE-2024-32444

Critical

Published: 03 September 2025

Published
03 September 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 42.1th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-32444 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Inspirythemes Realhomes. Its CVSS base score is 9.8 (Critical).

Operationally, ranked at the 42.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly mitigates CVE-2024-32444 by requiring timely identification, reporting, and correction of the privilege escalation flaw in the RealHomes WordPress theme.

AC-6 Least Privilege good match
prevent

Counters incorrect privilege assignment by enforcing the principle of least privilege, preventing escalation to unauthorized higher privileges.

AC-2 Account Management partial match
prevent

Supports mitigation through systematic account management and privilege reviews that can identify and correct improper privilege assignments exploited by the vulnerability.

NVD Description

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.

Deeper analysisAI

CVE-2024-32444 is an Incorrect Privilege Assignment vulnerability (CWE-266) in the RealHomes WordPress theme developed by InspiryThemes. This flaw enables privilege escalation and affects all versions of RealHomes from n/a through 4.3.6.

The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), with attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). Unauthenticated attackers can exploit it remotely to escalate privileges, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Patchstack's advisory provides details on this privilege escalation vulnerability in RealHomes version 4.3.6; security practitioners should consult https://patchstack.com/database/Wordpress/Theme/realhomes/vulnerability/wordpress-real-homes-plugin-4-3-6-privilege-escalation-vulnerability?_s_id=cve for mitigation guidance and patches.

Details

CWE(s)
CWE-266

Affected Products

inspirythemes
realhomes
≤ 4.3.7

CVEs Like This One

CVE-2024-13251Shared CWE-266
CVE-2026-27102Shared CWE-266
CVE-2024-12470Shared CWE-266
CVE-2025-69293Shared CWE-266
CVE-2026-25414Shared CWE-266
CVE-2026-22907Shared CWE-266
CVE-2026-32520Shared CWE-266
CVE-2025-31643Shared CWE-266
CVE-2024-43333Shared CWE-266
CVE-2025-33179Shared CWE-266

References