Vulnerabilities > G5Plus > Essential Real Estate > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2023-6139 | Unspecified vulnerability in G5Plus Essential Real Estate The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. | 6.5 |
| 2024-01-08 | CVE-2023-6141 | Cross-site Scripting vulnerability in G5Plus Essential Real Estate The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. | 5.4 |