← volver
CVE-2023-6139

Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update

CVSS 6.5 MEDIUMEPSS 0.6%
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.5EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
08 ene 2024Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H