5 matches found
CVE-2023-6141
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...
CVE-2023-6141
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...
CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...
CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...
CVE-2023-6141
The Essential Real Estate WordPress plugin prior to version 4.4.0 is vulnerable due to missing capability checks on AJAX actions, enabling a subscriber-level attacker to perform Stored XSS. Root cause: improper authorization in AJAX handlers. Impact: stored XSS possible with a subscriber account;...