Essential Real Estate <= 4.4.4 is vulnerable to Insecure Direct Object Reference to Arbitrary Attachment Deletion vulnerability

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.