CVE-2023-6050

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

6.1MEDIUM

EPSS

0.1%

top 71.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Estatik Real Estate Plugin Estatik Estatik

Timeline

PublishedJan 15

Description

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5unknown/estatik_real_estate_plugin< 4.1.1

▶NVDestatik/estatik< 4.1.1

🔴Vulnerability Details

CVEList

Estatik Real Estate Plugin < 4.1.1 - Reflected XSS↗2024-01-15

▶

GHSA

GHSA-x2vc-c3wq-5j89: The Estatik Real Estate Plugin WordPress plugin before 4↗2024-01-15

▶

OSV

git vulnerabilities↗2023-05-17

▶