CVE-2023-6140

Published: Jan 8, 2024Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

Affected (1)

Products: G5plus: Essential Real Estate

G5plus

1 product

Essential Real Estate

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
G5plus Essential Real Estate	Before 4.4.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.