CVE-2023-6048

Exploit

EPSS 0.1%
Veröffentlicht 15.01.2024 16:15:12
Zuletzt bearbeitet 03.06.2025 14:15:36
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

Mögliche Gegenmaßnahme

Estatik Real Estate Plugin: Update to version 4.1.1, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Estatik Real Estate Plugin

Version *-4.1.0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Estatik ≫ Estatik SwPlatformwordpress Version < 4.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/ae6a00ef-1a3f-47cd-9e55-f28b74999198

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6048

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6048

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6048

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-6048