CVE-2023-6139
Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
08 ene 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Productos afectados
Unknown · Essential Real Estate