CVE Vulnerabilities

CVE-2023-4239

Published: Aug 09, 2023 | Modified: Nov 07, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the rem_save_profile_front function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the wp_capabilities parameter during a profile update.

Affected Software

Name Vendor Start Version End Version
Real_estate_manager Webcodingplace * 6.7.1 (including)

References