CVE-2023-6049 – The Estatik Real Estate WordPress plugin before... (How to Fix)

Q: What is the severity of CVE-2023-6049?

CVE-2023-6049 has a CVSS score of 9.8 (CRITICAL). The Estatik Real Estate WordPress plugin before version 4.1.1 contains a PHP Object Injection vulnerability via cookie deserialization. Unauthenticated attackers can exploit this to execute arbitrary code when a suitable gadget chain exists. All WordPress sites using vulnerable plugin versions are affected.

📋 TL;DR

The Estatik Real Estate WordPress plugin before version 4.1.1 contains a PHP Object Injection vulnerability via cookie deserialization. Unauthenticated attackers can exploit this to execute arbitrary code when a suitable gadget chain exists. All WordPress sites using vulnerable plugin versions are affected.

💻 Affected Systems

Products:

Estatik Real Estate Plugin for WordPress

Versions: All versions before 4.1.1

Operating Systems: All platforms running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with vulnerable plugin version. Exploitation depends on availability of gadget chains in the environment.

📦 What is this software?

Estatik by Estatik

View all CVEs affecting Estatik →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete site compromise, data theft, malware installation, or site defacement.

🟠

Likely Case

Arbitrary code execution leading to backdoor installation, data exfiltration, or privilege escalation.

🟢

If Mitigated

Limited impact if gadget chains are unavailable, but still potential for denial of service or information disclosure.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires finding suitable gadget chains in the WordPress environment. Public exploit details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.1.1

Vendor Advisory: https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Estatik Real Estate Plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 4.1.1+ from WordPress repository and manually update.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate estatik

Web Application Firewall Rule

all

Block malicious cookie patterns containing serialized PHP objects.

🧯 If You Can't Patch

Implement strict WAF rules to block serialized object patterns in cookies
Restrict plugin access to trusted IP addresses only

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Estatik Real Estate Plugin version. If version is below 4.1.1, you are vulnerable.

Check Version:

wp plugin get estatik --field=version

Verify Fix Applied:

Confirm plugin version is 4.1.1 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

Unusual cookie values containing serialized PHP objects in web server logs
Multiple failed exploitation attempts with crafted cookies

Network Indicators:

HTTP requests with unusually long or structured cookie values
Patterns matching serialized PHP objects in cookie headers

SIEM Query:

source="web_logs" AND (cookie="*O:*" OR cookie="*C:*" OR cookie="*a:*")

📊 Metadata

CVE ID: CVE-2023-6049

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-502

Published: January 15, 2024

Last Updated: June 3, 2025

🔗 References

https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7 Exploit,Third Party Advisory
https://wpscan.com/vulnerability/8cfd8c1f-2834-4a94-a3fa-c0cfbe78a8b7 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-6049, you might also want to check these: