6.5

CVE-2023-6048

Exploit

Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset
Mögliche Gegenmaßnahme
Estatik Real Estate Plugin: Update to version 4.1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
EstatikEstatik SwPlatformwordpress Version < 4.1.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt Estatik Real Estate Plugin
Version *-4.1.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.61% 0.444
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51
Third Party Advisory
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae6a00ef-1a3f-47cd-9e55-f28b74999198
Third Party Advisory