Arbitrary File Upload Vulnerability in Essential Real Estate Plugin for WordPress
CVE-2023-6827
7.5HIGH
What is CVE-2023-6827?
The Essential Real Estate plugin for WordPress is vulnerable due to inadequate file type validation in its 'ajaxUploadFonts' function. This vulnerability allows authenticated attackers, who possess subscriber-level permissions or higher, to upload arbitrary files to the server where the affected site is hosted. Such file uploads could potentially lead to remote code execution, compromising the integrity and security of the entire site.
Affected Version(s)
Essential Real Estate 0 <= 4.3.5