CVE-2023-6048

2024-01-1516:15:12

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023

estatik real estate plugin

wordpress

privilege escalation

dos

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

13.5%

JSON

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site’s options to 1, which could be used to break sites and lead to DoS when certain options are reset

Affected configurations

Vulners

NVD

Node

real-estate-scriptsreal-estate-scriptsRange<4.1.1

VendorProductVersionCPE
real\-estate\-scriptsreal\-estate\-scripts*cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
real\-estate\-scripts	real\-estate\-scripts	*	cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts::::::::

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Estatik Real Estate Plugin",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.1.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]