Lucene search

PRIOn knowledge basePRION:CVE-2023-6827

HistoryDec 15, 2023 - 8:15 a.m.

Input validation

2023-12-1508:15:00

PRIOn knowledge base

www.prio-n.com

wordpress

file upload

vulnerability

arbitrary files

remote code execution

nvd

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.3%

JSON

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘ajaxUploadFonts’ function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

CPENameOperatorVersion
essential_real_estatele4.3.5

CPE	Name	Operator	Version
	essential_real_estate	le	4.3.5

References

plugins.trac.wordpress.org/browser/essential-real-estate/tags/4.3.5/lib/smart-framework/core/fonts/fonts.class.php

plugins.trac.wordpress.org/changeset/3009780/essential-real-estate

www.wordfence.com/threat-intel/vulnerabilities/id/8bb2ce22-077b-41dd-a2ff-cc1db9d20d38?source=cve