Lucene search

K
cve[email protected]CVE-2023-6048
HistoryJan 15, 2024 - 4:15 p.m.

CVE-2023-6048

2024-01-1516:15:12
CWE-862
web.nvd.nist.gov
21
cve-2023
estatik real estate plugin
wordpress
privilege escalation
dos
nvd

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

13.3%

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site’s options to 1, which could be used to break sites and lead to DoS when certain options are reset

Affected configurations

Vulners
NVD
Node
phpstorereal_estateRange<4.1.1
VendorProductVersionCPE
real\-estate\-scriptsreal\-estate\-scripts*cpe:2.3:a:real\-estate\-scripts:real\-estate\-scripts:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Estatik Real Estate Plugin",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.1.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

13.3%

Related for CVE-2023-6048