CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added yesterday•4 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

ATTACKERKB•added yesterday•3 views

CVE-2019-25742

Exploits0References4Affected Software1

CVE•added yesterday•6 views

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

Cvelist•added yesterday•12 views

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

6.4CVSS

Nuclei•added yesterday•14 views

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

9.8CVSS5.8AI score0.26374EPSS

Exploits12References2

Nuclei•added yesterday•18 views

WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting

WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...

5.4CVSS6AI score0.04755EPSS

Exploits2References5

Nuclei•added yesterday•28 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1CVSS3.8AI score0.00331EPSS

Exploits2References3

Positive Technologies•added yesterday•7 views

PT-2026-46212

CVE•added 4 days ago•9 views

Exploits0References5

CVE-2026-10262

CVE-2026-10262 affects code-projects Real State Services 1.0, specifically the Login component’s loginuser.php. The vulnerability arises from manipulating the Username argument, enabling SQL injection. Exploitation is described as remote and publicly disclosed. No remediation details are provided...

7.5CVSS6.8AI score0.00033EPSS

Exploits0References6

CNNVD•added 4 days ago•5 views

Code-Projects Real Estate Services SQL Injection Vulnerabilities

Code-Projects Real State Services is an open-source real estate service developed by Code-Projects. Version 1.0 of Code-Projects Real State Services has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Username” in the “login” component’s file...

7.5CVSS5.8AI score0.00033EPSS

Exploits0References6

VulnCheck KEV•added 2026/05/04 12:0 a.m.•5 views

VulnCheck KEV: CVE-2024-13421

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...

9.8CVSS7.4AI score0.00238EPSS

In wildExploits0References2

EUVD•added 2026/04/22 9:31 a.m.•1 views

EUVD-2026-24635

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

NVD•added 2026/04/22 9:16 a.m.•0 views

Exploits0References3

CVE-2026-1845

5.5CVSS0.0001EPSS

CVE•added 2026/04/22 7:45 a.m.•7 views

CVE-2026-1845

CVE-2026-1845 concerns the WordPress plugin Real Estate Pro (

Cvelist•added 2026/04/22 7:45 a.m.•27 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

5.5CVSS0.0001EPSS

Vulnrichment•added 2026/04/22 7:45 a.m.•3 views

CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings

ATTACKERKB•added 2026/04/22 7:45 a.m.•2 views

CVE-2026-1845

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

Exploits0References3

PT-2026-34269

Name of the Vulnerable Software and Affected Versions Real Estate Pro versions prior to 1.1.0 Description The Real Estate Pro plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings. This occurs because of insufficient input sanitization and output escaping,...

5.5CVSS5.9AI score0.0001EPSS

Exploits0References5

Patchstack•added 2026/04/21 7:15 p.m.•3 views

WordPress Real Estate Pro plugin <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Real Estate Pro versions = 1.0.9...