Cross-Site Request Forgery Vulnerability in Opal Estate Plugin for WordPress
CVE-2021-4387
4.3MEDIUM
Summary
The Opal Estate plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in its core functions. This vulnerability allows attackers to exploit the plugin by tricking site administrators into executing malicious actions, such as setting or removing featured properties, without their knowledge. The affected versions include all iterations up to 1.6.11, underscoring the need for urgent updates to mitigate potential unauthorized access.
Affected Version(s)
Opal Estate * <= 1.6.11
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jerome Bruandet