5.3
CVE-2021-4388
- EPSS 0.13%
- Published 01.07.2023 05:15:15
- Last modified 21.11.2024 06:37:34
- Source security@wordfence.com
Opal Estate <= 1.6.11 - Missing Authorization
The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
Possible countermeasure
Opal Estate: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Further vulnerability information
System: WordPress Plugin ≫ Product: Opal Estate, Version: * - 1.6.11
Data provided by the National Vulnerability Database (NVD)
Wpopal ≫ Opal Estate, SwPlatform: wordpress, Version <= 1.6.11
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.334 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| security@wordfence.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.