Opal Estate <= 1.6.11 – Missing Authorization | CVE 2021-4388

Affects Plugins

opal-estate

No known fix

References

CVE

CVE-2021-4388

URL

https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CWE-862

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

Jerome Bruandet

Verified

No

WPVDB ID

d2ad0684-4bdc-4ed5-87df-544ecbd86aa7

Timeline

Publicly Published

2021-08-16 (about 4 years ago)

Added

2023-07-04 (about 2 years ago)

Last Updated

2023-07-04 (about 2 years ago)

Other

Published

Title

Published

2024-03-25

Title

Smart Forms < 2.6.94 - Subscriber+ Edit Entries via Broken Access Control

Published

2025-06-19

Title

WP-Recall <= 16.26.14 - Missing Authorization

Published

2025-04-18

Title

AnalyticsWP <= 2.0.0 - Missing Authorization

Published

2023-10-17

Title

Themify Ultra < 7.3.6 - Missing Authorization

Published

2025-12-31

Title

Conformer for Elementor < 1.0.8 - Missing Authorization