CVE-2023-6048 : The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent us

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

Published 2024-01-15 16:15:12

Updated 2024-01-19 18:09:11

Source WPScan

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-6048

Estatik » Estatik » For Wordpress
Versions before (<) 4.1.1
cpe:2.3:a:estatik:estatik:*:*:*:*:*:wordpress:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-6048

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-6048

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	2.8	3.6	NIST	2024-01-19
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-6048

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-6048

https://wpscan.com/vulnerability/74cb07fe-fc82-472f-8c52-859c176d9e51

Just a moment...
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-6048

Products affected by CVE-2023-6048

Exploit prediction scoring system (EPSS) score for CVE-2023-6048

CVSS scores for CVE-2023-6048

CWE ids for CVE-2023-6048

References for CVE-2023-6048