exploitDog

CVE-2023-6140

Опубликовано: 08 янв. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

Ссылки

https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*

Версия до 4.4.0 (исключая)

EPSS

Процентиль: 88%

0.03888

Низкий

8.8 High

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-pmx3-5c86-vxfm

CVSS3: 8.8

github

около 2 лет назад

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

EPSS

Процентиль: 88%

0.03888

Низкий

8.8 High

CVSS3

Дефекты

CWE-434