Lucene search
HistoryJan 08, 2024 - 7:15 p.m.
CVE-2023-6141
wordpress
xss
security
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks.
Affected configurations
Node
g5plusessential_real_estateRange<4.4.0wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| g5plus | essential_real_estate | * | cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:* |
Related
cvelist
cvelist
CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
2024-01-08 19:00:35
cve
cve
CVE-2023-6141
2024-01-08 19:15:10
wpexploit
wpexploit
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
2023-12-18 00:00:00
wpvulndb
wpvulndb
Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
2023-12-18 00:00:00
prion
prion
Cross site scripting
2024-01-08 19:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.0%
Related for NVD:CVE-2023-6141