WordPress Plugin Vulnerability in Essential Real Estate by a Leading Vendor
CVE-2023-6140

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Essential Real Estate
Vendor: CVE Published:; 8 January 2024

What is CVE-2023-6140?

The Essential Real Estate WordPress plugin prior to version 4.4.0 contains a vulnerability that allows users with limited site privileges, such as subscribers, to upload potentially malicious PHP files by disguising them as ZIP archives. This flaw may enable an attacker to execute arbitrary code remotely, posing a significant security risk to the affected WordPress installations. Website administrators should ensure they are using the latest version of the plugin to mitigate this vulnerability.

References

https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024

Wordpress

What is CVE-2023-6140?

References

CVSS V3.1

Timeline