The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2023-07-01T04:26:52.060Z
Updated: 2024-08-03T17:23:10.769Z
Reserved: 2023-06-30T15:31:33.128Z
Link: CVE-2021-4388
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-01T05:15:15.547
Modified: 2023-11-07T03:40:50.307
Link: CVE-2021-4388
Redhat
No data.