The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b | Exploit Third Party Advisory |
History
11 Jan 2024, 19:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-434 | |
CVSS | v2 : , v3 : | v2 : unknown, v3 : 8.8 |
References | https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b - Exploit, Third Party Advisory | |
First Time | G5plus essential Real Estate; G5plus |
08 Jan 2024, 19:30
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-08 19:15
Updated : 2024-09-04 16:35
NVD link : CVE-2023-6140
Mitre link : CVE-2023-6140
CVE.ORG link : CVE-2023-6140
Products Affected
g5plus
- essential_real_estate
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type