CVE Vulnerabilities

CVE-2023-6139

Published: Jan 08, 2024 | Modified: Jun 03, 2025

CVSS 3.x

6.5

MEDIUM

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Vulnerability-free packages from our partners

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-6139
CWE	https://cwe.mitre.org/data/definitions/.html

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.

Affected Software

Name	Vendor	Start Version	End Version
Essential_real_estate	G5plus	*	4.4.0 (excluding)

References

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.