Cyber Resilience

CVE-2024-32444

Critical

Published: 03 September 2025

Published
03 September 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0021 43.5th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-32444 is a critical-severity Incorrect Privilege Assignment (CWE-266) vulnerability in Inspirythemes Realhomes. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 43.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2024-32444 is an Incorrect Privilege Assignment vulnerability (CWE-266) in the RealHomes WordPress theme developed by InspiryThemes. This flaw enables privilege escalation and affects all versions of RealHomes from n/a through 4.3.6.

The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), with attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and unchanged scope (S:U). Unauthenticated attackers can exploit it remotely to escalate privileges, achieving high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H).

Patchstack's advisory provides details on this privilege escalation vulnerability in RealHomes version 4.3.6; security practitioners should consult https://patchstack.com/database/Wordpress/Theme/realhomes/vulnerability/wordpress-real-homes-plugin-4-3-6-privilege-escalation-vulnerability?_s_id=cve for mitigation guidance and patches.

EU & UK References

Vulnerability details

Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Directly enables remote unauthenticated exploitation for privilege escalation via incorrect privilege assignment in a public-facing WordPress component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42368Shared CWE-266
CVE-2025-69293Shared CWE-266
CVE-2026-42680Shared CWE-266
CVE-2025-69378Shared CWE-266
CVE-2026-27102Shared CWE-266
CVE-2025-22736Shared CWE-266
CVE-2024-40591Shared CWE-266
CVE-2026-48879Shared CWE-266
CVE-2025-33179Shared CWE-266
CVE-2026-25414Shared CWE-266

Affected Assets

inspirythemes
realhomes
≤ 4.3.7

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates CVE-2024-32444 by requiring timely identification, reporting, and correction of the privilege escalation flaw in the RealHomes WordPress theme.

prevent

Counters incorrect privilege assignment by enforcing the principle of least privilege, preventing escalation to unauthorized higher privileges.

prevent

Supports mitigation through systematic account management and privilege reviews that can identify and correct improper privilege assignments exploited by the vulnerability.

References