Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2024/06/04 5:32 a.m.24 views

CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.7AI score0.00462EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/06/04 5:32 a.m.23 views

CVE-2024-4274 Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the removepropertyattachmentajax function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.5AI score0.00462EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/06/04 12:0 a.m.21 views

WordPress Essential Real Estate Plugin <= 4.4.4 is vulnerable to Insecure Direct Object References (IDOR)

Software Essential Real Estate Type Plugin Vulnerable versions = 4.4.4 Fixed in 4.4.5 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2024-4274 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ccac1e739e5c Credits Lucio S...

4.3CVSS6.5AI score0.00462EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder