VYPR
Unrated severityNVD Advisory· Published Jan 8, 2024· Updated Sep 4, 2024

Essential Real Estate < 4.4 - Subscriber+ Arbitrary File Upload

CVE-2023-6140

Description

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.