CVE-2023-6140
Essential Real Estate < 4.4 - Subscriber+ Arbitrary File Upload
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
*Credits:
Marc Montpas, Krzysztof Zając (CERT PL), WPScan
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision: Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-14 CVE Reserved
- 2024-01-08 CVE Published
- 2024-09-04 CVE Updated
- 2024-09-04 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
URL | Date | Source
---|---|---
https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b | 2024-09-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
G5plus | Essential Real Estate | < 4.4.0 | wordpress | Affected