cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-6050,https://securityvulnerability.io/vulnerability/CVE-2023-6050,Estatik Real Estate Plugin < 4.1.1 - Reflected XSS,"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,Estatik Real Estate Plugin,6.1,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-01-15T15:10:42.000Z,true,false,false,,2024-01-15T15:10:42.097Z,0
CVE-2023-6048,https://securityvulnerability.io/vulnerability/CVE-2023-6048,Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update,"The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset",Wordpress,Estatik Real Estate Plugin,6.5,MEDIUM,0.0005699999746866524,false,,false,false,true,2024-01-15T15:10:40.000Z,true,false,false,,2024-01-15T15:10:40.683Z,0
CVE-2023-6049,https://securityvulnerability.io/vulnerability/CVE-2023-6049,Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection,"The Estatik Real Estate Plugin for WordPress, prior to version 4.1.1, is vulnerable to PHP Object Injection through the unserialization of user input from its cookies. This flaw can be exploited by unauthenticated users if a suitable gadget chain is present on the site, potentially leading to severe security breaches. This vulnerability underscores the importance of proper input validation and the need for timely updates to mitigate risks associated with such security weaknesses.",Wordpress,Estatik Real Estate Plugin,9.8,CRITICAL,0.0028299998957663774,false,,false,false,true,2024-01-15T15:10:39.000Z,true,false,false,,2024-01-15T15:10:39.151Z,0