Cross-Site Request Forgery Vulnerability in Opal Estate Plugin for WordPress
CVE-2021-4387
4.3MEDIUM
What is CVE-2021-4387?
The Opal Estate plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in its core functions. This vulnerability allows attackers to exploit the plugin by tricking site administrators into executing malicious actions, such as setting or removing featured properties, without their knowledge. The affected versions include all iterations up to 1.6.11, underscoring the need for urgent updates to mitigate potential unauthorized access.
Affected Version(s)
Opal Estate * <= 1.6.11