History: Jan 08, 2024 - 7:00 p.m.

CVE-2023-6140 Essential Real Estate < 4.4 - Subscriber+ Arbitrary File Upload

2024-01-08 19:00:36
WPScan
www.cve.org
essential real estate
wordpress plugin
arbitrary file upload
remote code execution
cve-2023-6140
zip archives

AI Score

9.3

Confidence

High

EPSS

0.001

Percentile

43.5%

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Essential Real Estate",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.4.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
