cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3666,https://securityvulnerability.io/vulnerability/CVE-2024-3666,Stored Cross-Site Scripting Vulnerability in Opal Estate Pro,"The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Opal Estate Pro – Property Management And Submission,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-05-22T07:37:25.224Z,0
CVE-2021-4388,https://securityvulnerability.io/vulnerability/CVE-2021-4388,Unauthenticated Property Modification Vulnerability in Opal Estate Plugin for WordPress,"The Opal Estate plugin for WordPress is susceptible to unauthorized modification of featured properties due to inadequate capability checks in its functions. Specifically, the opalestate_set_feature_property() and opalestate_remove_feature_property() functions lack proper authentication mechanisms, allowing unauthenticated attackers to manipulate property listings without needing valid credentials. This vulnerability poses a significant risk, enabling malicious users to set or remove featured properties at will, potentially undermining the integrity of real estate information displayed on WordPress sites.",Wordpress,Opal Estate,4.3,MEDIUM,0.001290000043809414,false,,false,false,false,,false,false,2023-07-01T04:26:52.060Z,0
CVE-2021-4387,https://securityvulnerability.io/vulnerability/CVE-2021-4387,Cross-Site Request Forgery Vulnerability in Opal Estate Plugin for WordPress,"The Opal Estate plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in its core functions. This vulnerability allows attackers to exploit the plugin by tricking site administrators into executing malicious actions, such as setting or removing featured properties, without their knowledge. The affected versions include all iterations up to 1.6.11, underscoring the need for urgent updates to mitigate potential unauthorized access.",Wordpress,Opal Estate,4.3,MEDIUM,0.007079999893903732,false,,false,false,false,,false,false,2023-07-01T03:30:14.528Z,0