CVE-2023-6048Missing Authorization in Estatik

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Estatik
Timeline
PublishedJan 15

Description

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDestatik/estatik< 4.1.1

🔴Vulnerability Details

2
GHSA
GHSA-g9mm-pm8r-4ggj: The Estatik Real Estate Plugin WordPress plugin before 42024-01-15
CVEList
Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update2024-01-15
CVE-2023-6048 — Missing Authorization in Estatik | cvebase