exploitDog

CVE-2023-6048

Опубликовано: 15 янв. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

Ссылки

https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:estatik:estatik:*:*:*:*:*:wordpress:*:*

Версия до 4.1.1 (исключая)

EPSS

Процентиль: 27%

0.00098

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-g9mm-pm8r-4ggj

CVSS3: 6.5

github

около 2 лет назад

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

EPSS

Процентиль: 27%

0.00098

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862