VYPR

Opal Estate

by Wpopal

CVEs (2)

  • CVE-2021-4388MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.01

    The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it…

  • CVE-2021-4387MedJul 1, 2023
    risk 0.28cvss 4.3epss 0.01

    The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes…