JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting

WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...

The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

CVE-2026-57641

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

CVE-2026-54827

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

CVE-2026-57641 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

EUVD-2026-39756

Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...

CVE-2026-57641

CVE-2026-57641 pertains to an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Real Estate 7 theme, affecting versions ≤ 3.5.9. Public records confirm the affected software and the vulnerability class, but the provided documents do not specify the exact attack vect...

CVE-2026-54827

CVE-2026-54827 : Unauthenticated SQL Injection affecting WordPress Real Estate 7 theme versions ≤ 3.5.9. The vulnerability arises in the Real Estate 7 component and is exploitable without authentication, with a CVSS v3.1 base score of 9.3 (CRITICAL), indicating potential data exposure and confide...

CVE-2026-54827 WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

EUVD-2026-39674

Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...

WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...

WordPress Real Estate 7 theme <= 3.5.9 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...

CVE-2026-1845

The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...

CVE-2019-25742

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

CVE-2019-25742

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...

CVE-2019-25742

CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...

WordPress plugin Zoner Real Estate 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...