Real Estate Security Vulnerabilities

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

CVSS: 7.3 | AI Score: 6.8 | EPSS: 0.0004 | 2024-06-17 12:15 AM

CVE-2024-4274

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access...

CVSS: 4.3 | AI Score: 6.9 | EPSS: 0.0004 | 2024-06-04 06:15 AM

CVE-2024-4273

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVSS: 6.4 | AI Score: 6 | EPSS: 0.0004 | 2024-06-04 06:15 AM

CVE-2024-24797

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through...

CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.0004 | 2024-02-12 08:15 AM

CVE-2024-1103

A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input leads to cross...

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.001 | 2024-01-31 03:15 PM

CVE-2023-6050

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.0005 | 2024-01-15 04:15 PM

CVE-2023-6048

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are...

CVSS: 6.5 | AI Score: 6.4 | EPSS: 0.0004 | 2024-01-15 04:15 PM

CVE-2023-6049

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the...

CVSS: 9.8 | AI Score: 9.6 | EPSS: 0.003 | 2024-01-15 04:15 PM

CVE-2024-0543

A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been....

CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.001 | 2024-01-15 06:15 AM

CVE-2023-6141

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS...

CVSS: 5.4 | AI Score: 5.1 | EPSS: 0.0004 | 2024-01-08 07:15 PM

CVE-2023-6140

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.001 | 2024-01-08 07:15 PM

CVE-2023-6139

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service...

CVSS: 6.5 | AI Score: 6.3 | EPSS: 0.0004 | 2024-01-08 07:15 PM

CVE-2023-29432

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme. This issue affects Houzez - Real Estate WordPress Theme: from n/a before...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001 | 2023-12-20 06:15 PM

CVE-2023-6827

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above,....

CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001 | 2023-12-15 08:15 AM

CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001 | 2023-11-03 05:15 PM

CVE-2023-5805

A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001 | 2023-10-26 10:15 PM

CVE-2023-4239

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to....

CVSS: 8.8 | AI Score: 7 | EPSS: 0.0005 | 2023-08-09 03:15 AM

CVE-2023-3795

A vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /property of the component GET Parameter Handler. The manipulation of the argument name leads to sql injection. The...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.001 | 2023-07-20 09:15 PM

CVE-2023-3794

A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.001 | 2023-07-20 08:15 PM

CVE-2020-36666

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory...

CVSS: 8.8 | AI Score: 8.5 | EPSS: 0.001 | 2023-03-27 04:15 PM

CVE-2022-47146

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1...

CVSS: 7.1 | AI Score: 6 | EPSS: 0.001 | 2023-03-27 03:15 PM

CVE-2022-3933

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escape some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting...

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001 | 2022-12-12 06:15 PM

CVE-2009-4613

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

AI Score: 8.3 | EPSS: 0.001 | 2022-10-03 04:24 PM

CVE-2018-5075

Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5076

Online Ticket Booking has XSS via the admin/newsedit.php newstitle...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5077

Online Ticket Booking has XSS via the admin/movieedit.php moviename...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5073

Online Ticket Booking has CSRF via...

CVSS: 6.8 | AI Score: 6.7 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5072

Online Ticket Booking has XSS via the admin/sitesettings.php keyword...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5074

Online Ticket Booking has XSS via the admin/manageownerlist.php contact...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2018-5078

Online Ticket Booking has XSS via the admin/eventlist.php cast...

CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001 | 2022-10-03 04:22 PM

CVE-2010-1063

Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2)...

AI Score: 7.3 | EPSS: 0.005 | 2022-10-03 04:20 PM

CVE-2012-4258

Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to...

AI Score: 8.8 | EPSS: 0.001 | 2022-10-03 04:15 PM

CVE-2013-5931

SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid...

AI Score: 8.8 | EPSS: 0.001 | 2022-10-03 04:14 PM

CVE-2017-20130

A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/search_property.php. The manipulation of the argument property_for leads to sql injection. The attack can be...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.005 | 2022-07-16 07:15 AM

CVE-2022-1646

The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is...

CVSS: 4.8 | AI Score: 4.7 | EPSS: 0.001 | 2022-05-30 09:15 AM

CVE-2022-28411

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002 | 2022-04-21 08:15 PM

CVE-2022-28410

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002 | 2022-04-21 08:15 PM

CVE-2022-28030

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002 | 2022-04-21 08:15 PM

CVE-2022-28028

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002 | 2022-04-21 08:15 PM

CVE-2022-28029

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via...

CVSS: 9.8 | AI Score: 9.7 | EPSS: 0.002 | 2022-04-21 08:15 PM

CVE-2022-25399

Simple Real Estate Portal System v1.0 was discovered to contain a SQL injection vulnerability via the id...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002 | 2022-03-02 11:15 PM

CVE-2021-24387

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user...

CVSS: 6.1 | AI Score: 6 | EPSS: 0.002 | 2021-07-06 11:15 AM

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL...

CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001 | 2020-01-05 10:15 PM

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter is vulnerable to...

CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001 | 2020-01-05 10:15 PM

CVE-2018-16457

PHP Scripts Mall Open Source Real-estate Script 3.6.2 allows remote attackers to list the wp-content/themes/template_dp_dec2015/img...

CVSS: 5.3 | AI Score: 5.4 | EPSS: 0.003 | 2018-10-04 09:29 PM

CVE-2018-15189

PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a...

CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001 | 2018-08-10 03:29 PM

CVE-2018-15188

PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a...

CVSS: 6.5 | AI Score: 6.5 | EPSS: 0.001 | 2018-08-10 03:29 PM

CVE-2018-15187

PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via...

CVSS: 8 | AI Score: 7.9 | EPSS: 0.001 | 2018-08-10 03:29 PM

CVE-2018-7319

SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry...

CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.003 | 2018-02-22 07:29 PM

CVE-2018-6796

PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored XSS via every profile input...

CVSS: 5.4 | AI Score: 5.2 | EPSS: 0.0005 | 2018-02-07 09:29 PM

Total number of security vulnerabilities: 97