5.3
CVE-2021-4388
- EPSS 0.73%
- Veröffentlicht 01.07.2023 05:15:15
- Zuletzt bearbeitet 08.04.2026 18:17:17
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginOpal Estate <= 1.6.11 - Missing Authorization
Opal Estate <= 1.6.11 - Missing Authorization
The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
Mögliche Gegenmaßnahme
Opal Estate: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpopal ≫ Opal Estate SwPlatformwordpress Version <= 1.6.11
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Opal Estate
Version
*-1.6.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.73% | 0.494 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@wordfence.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/
https://plugins.trac.wordpress.org/browser/opal-estate/trunk/inc/ajax-functions.php#L177
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce729a2-a106-45ab-b96c-cfe75246def7?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/5ce729a2-a106-45ab-b96c-cfe75246def7