Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/05/23 4:58 a.m.9 views

CVE-2023-6141

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...

5.4CVSS5.7AI score0.00403EPSS
Exploits2
osv
osv
added 2024/01/08 7:15 p.m.4 views

CVE-2023-6141

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...

5.4CVSS5.8AI score0.00403EPSS
Exploits2References1
vulnrichment
vulnrichment
added 2024/01/08 7:0 p.m.4 views

CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...

5.9AI score0.00403EPSS
Exploits2References1
cvelist
cvelist
added 2024/01/08 7:0 p.m.33 views

CVE-2023-6141 Essential Real Estate < 4.4.0 - Subscriber+ Stored XSS

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks...

5.4AI score0.00403EPSS
Exploits2References1
cve
cve
added 2024/01/08 7:0 p.m.68 views

CVE-2023-6141

The Essential Real Estate WordPress plugin prior to version 4.4.0 is vulnerable due to missing capability checks on AJAX actions, enabling a subscriber-level attacker to perform Stored XSS. Root cause: improper authorization in AJAX handlers. Impact: stored XSS possible with a subscriber account;...

5.4CVSS5.1AI score0.00403EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder