WordPress Plugin Vulnerabilities

Real Estate Manager <= 7.2 - Subscriber+ Privilege Escalation

Description

The plugin does not validate user metadata to be updated via its rem_save_profile_front function, allowing any authenticated users, such as subscriber to change their role (to administrator for example) by giving the related wp_capabilities when they update their profile

Affects Plugins

Plugin icon
real-estate-manager
No known fix

References

CVE
CVE-2023-4239
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Lana Codes
Verified
No
WPVDB ID
16ab4b4d-0e99-4135-99ed-792914518ea5

Timeline

Publicly Published
2023-08-08 (about 2 years ago)
Added
2023-08-09 (about 2 years ago)
Last Updated
2024-04-08 (about 2 years ago)

Other

Published
Title
Published
2023-08-22
Title
Jupiter X Core Premium < 3.4.3 - Unauthenticated Privilege Escalation
Published
2025-11-24
Title
EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation
Published
2024-04-23
Title
Booking Ultra Pro < 1.1.13 - Authenticated (Contributor+) Privilege Escalation
Published
2023-05-11
Title
Essential Addons for Elementor 5.4.0-5.7.1 - Unauthenticated Privilege Escalation
Published
2025-02-10
Title
WP Foodbakery < 4.8 - Unauthenticated Privilege Escalation in foodbakery_registration_validation