cleantalk
Vulnerabilities and Security Researches

Essential Real Estate, CVE-2023-6140

CVE, Research URL

CVE-2023-6140

Home page URL

Security reports for Essential Real Estate

Application

Essential Real Estate

Published on
Jan 09, 2024
Research Description
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
Affected versions
Min -, max 4.4.
Status
vulnerable
Previous vulnerability researches
Essential Real Estate (CVE-2022-3933) , Jun 07, 2024
Essential Real Estate (CVE-2024-4273) , Jun 07, 2024
Essential Real Estate (CVE-2023-6827) , Jun 07, 2024
Essential Real Estate (CVE-2023-6139) , Jun 07, 2024
Essential Real Estate (CVE-2023-6141) , Jun 07, 2024
New vulnerability
Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates (CVE-2025-5103) , Jun 03, 2025
History Log by click5 (CVE-2025-47598) , Jun 03, 2025
Music Player for Elementor – Audio Player & Podcast Player (CVE-2025-5340) , Jun 03, 2025
The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis (CVE-2025-4631) , Jun 03, 2025
FastSpring (CVE-2025-4595) , Jun 02, 2025