CVE-2023-6140

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 08:43

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b - Exploit, Third Party Advisory

11 Jan 2024, 19:50

Type Values Removed Values Added
CPE cpe:2.3:a:g5plus:essential_real_estate:*:*:*:*:*:wordpress:*:*
CWE CWE-434
References () https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b - () https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time G5plus
G5plus essential Real Estate
Summary
  • (es) El complemento Essential Real Estate de WordPress anterior a 4.4.0 no impide que los usuarios con privilegios limitados en el sitio, como los suscriptores, carguen momentáneamente archivos PHP maliciosos disfrazados de archivos ZIP, lo que puede provocar la ejecución remota de código.

08 Jan 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-08 19:15

Updated : 2024-11-21 08:43


NVD link : CVE-2023-6140

Mitre link : CVE-2023-6140

CVE.ORG link : CVE-2023-6140


JSON object : View

Products Affected

g5plus

  • essential_real_estate
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type