CVE-2023-6048: 
WordPress vulnerability analysis and mitigation

The Estatik Real Estate Plugin WordPress plugin before version 4.1.1 contains a security vulnerability identified as CVE-2023-6048. The vulnerability allows users with low privileges on the site, such as subscribers, to set any of the site's options to 1, which could potentially be exploited to break sites and lead to Denial of Service (DoS) when certain options are reset. This vulnerability was discovered and publicly disclosed on December 25, 2023 (WPScan).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 6.5 MEDIUM (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). The vulnerability stems from improper access control mechanisms that fail to restrict low-privileged users from modifying system options (NVD).

When exploited, this vulnerability can lead to Denial of Service conditions by allowing low-privileged users to manipulate site options. The impact is primarily focused on the availability aspect of the system, as attackers can potentially break site functionality by resetting certain options (WPScan).

The vulnerability has been fixed in version 4.1.1 of the Estatik Real Estate Plugin. Site administrators are strongly advised to update to this version or later to mitigate the security risk (WPScan).