Lucene search

[email protected]NVD:CVE-2023-4239

HistoryAug 09, 2023 - 3:15 a.m.

CVE-2023-4239

2023-08-0903:15:45

[email protected]

web.nvd.nist.gov

wordpress

real estate manager

cve-2023-4239

privilege escalation

vulnerability

profile update

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the ‘rem_save_profile_front’ function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wp_capabilities’ parameter during a profile update.

Affected configurations

Nvd

Node

webcodingplacereal_estate_managerRange≤6.7.1wordpress

VendorProductVersionCPE
webcodingplacereal_estate_manager*cpe:2.3:a:webcodingplace:real_estate_manager:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
webcodingplace	real_estate_manager	*	cpe:2.3:a:webcodingplace:real_estate_manager::::::wordpress::*

References

plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439

www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

24.0%

JSON

Related for NVD:CVE-2023-4239

prion1 wpvulndb1 cve1 cvelist1 wordfence2