CVE-2023-6048

MEDIUM

Estatik Real Estate Plugin WordPress <4.1.1 - Privilege Escalation

Title source: llm

Description

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, such as subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset.

References (1)

Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51

Scores

CVSS v3 6.5
EPSS 0.0061
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
estatik/estatik < 4.1.1
Published Jan 15, 2024
Tracked Since Feb 18, 2026