CVE-2023-4239 - OpenCVE

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Webcodingplace	Real Estate Manager

Configuration 1 [-]

cpe:2.3:a:webcodingplace:real_estate_manager:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439
https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-08-09T02:04:02.327Z

Updated: 2024-08-02T07:24:03.544Z

Reserved: 2023-08-08T13:50:16.878Z

Link: CVE-2023-4239

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-09T03:15:45.230

Modified: 2023-11-07T04:22:21.503

Link: CVE-2023-4239

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4239", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-08-08T13:50:16.878Z", "datePublished": "2023-08-09T02:04:02.327Z", "dateUpdated": "2024-08-02T07:24:03.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-08-09T02:04:02.327Z"}, "affected": [{"vendor": "rameez_iqbal", "product": "Real Estate Manager \u2013 Property Listing and Agent Management", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "6.7.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Lana Codes"}], "timeline": [{"time": "2023-08-08T00:00:00.000+00:00", "lang": "en", "value": "Discovered"}, {"time": "2023-08-08T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:24:03.544Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webcodingplace:real_estate_manager:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0099212A-9F01-4099-AE85-DE3ACA42F2DA", "versionEndIncluding": "6.7.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update."}, {"lang": "es", "value": "El plugin Real Estate Manager para WordPress es vulnerable a la escalada de privilegios en versiones hasta, e incluyendo, la 6.7.1 debido a una restricci\u00f3n insuficiente en la funci\u00f3n \"rem_save_profile_front\". Esto hace posible que atacantes autenticados, con permisos m\u00ednimos como un suscriptor, modifiquen su rol de usuario suministrando el par\u00e1metro \"wp_capabilities\" durante una actualizaci\u00f3n de perfil. "}], "id": "CVE-2023-4239", "lastModified": "2023-11-07T04:22:21.503", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-08-09T03:15:45.230", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/shortcodes.class.php#L1439"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d83d1fd0-6e21-406e-a7c0-89d26eabbb32?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified"}