Real Estate Manager <= 6.7.1 - Plugin Arbitrary Settings Update



Description
The AJAX function save_admin_settings() lacks authorisation and CSRF checks, which allows arbitrary plugin settings to be updated.

The plugin has been closed in the WordPress plugin directory and is still vulnerable.
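A settings handler that performs the two checks the description says are missing, given as an added example and not the plugin's own code. The action name, nonce name, option name and field names are assumptions.

```php
<?php
// Added illustration: hypothetical plugin code, not Real Estate Manager's source.
// The action name, nonce action, option name and field list are assumptions.

// Registering only the wp_ajax_ hook (no wp_ajax_nopriv_) limits the endpoint to
// logged-in users, but any role can still reach it, so the handler must check more.
add_action( 'wp_ajax_example_save_admin_settings', 'example_save_admin_settings' );

function example_save_admin_settings() {
    // CSRF check: the settings form must submit a nonce created with
    // wp_create_nonce( 'example_save_settings' ) in the "_nonce" field.
    if ( ! check_ajax_referer( 'example_save_settings', '_nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // Authorisation check: only users allowed to manage site options may write.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Accept only known keys instead of storing the whole request.
    $allowed = array( 'currency', 'listing_page_title' ); // hypothetical fields
    $clean   = array();
    foreach ( $allowed as $key ) {
        if ( isset( $_POST[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $_POST[ $key ] ) );
        }
    }

    // Merge into the stored option so settings not in the request are preserved.
    $current = get_option( 'example_plugin_settings', array() );
    update_option( 'example_plugin_settings', array_merge( (array) $current, $clean ) );

    wp_send_json_success( array( 'updated' => array_keys( $clean ) ) );
}
```

wp_send_json_error() ends the request, so nothing after a failed check runs.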

Affects Plugin

References

URL https://plugins.trac.wordpress.org/browser/real-estate-manager/tags/6.7.1/classes/setup.class.php#L757

Classification

Type UNKNOWN

Miscellaneous

Views 2833
Verified No
WPVDB ID 9340

Timeline

Publicly Published 2019-06-15 (4 months ago)
Added 2019-06-15 (4 months ago)
Last Updated 2019-06-15 (4 months ago)
