1998 matches found
CVE-2019-25742
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2019-25742
CVE-2019-25742 affects WordPress Theme Zoner Real Estate 4.1.1 with a persistent XSS in the Address field during property creation. Authenticated agents can inject JavaScript payloads that execute when administrators view the property for approval, enabling cookie theft and potential session hija...
CVE-2019-25742 WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...
PT-2026-46212
WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execu...
CVE-2026-10262
CVE-2026-10262 affects code-projects Real State Services 1.0, specifically the Login component’s loginuser.php. The vulnerability arises from manipulating the Username argument, enabling SQL injection. Exploitation is described as remote and publicly disclosed. No remediation details are provided...
Code-Projects Real Estate Services SQL Injection Vulnerabilities
Code-Projects Real State Services is an open-source real estate service developed by Code-Projects. Version 1.0 of Code-Projects Real State Services has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “Username” in the “login” component’s file...
VulnCheck KEV: CVE-2024-13421
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...
EUVD-2026-24635
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-1845
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-1845
CVE-2026-1845 concerns the WordPress plugin Real Estate Pro (
CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-1845 Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
CVE-2026-1845
The Real Estate Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions...
PT-2026-34269
Name of the Vulnerable Software and Affected Versions Real Estate Pro versions prior to 1.1.0 Description The Real Estate Pro plugin for WordPress contains a Stored Cross-Site Scripting issue within the admin settings. This occurs because of insufficient input sanitization and output escaping,...
WordPress Real Estate Pro plugin <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Real Estate Pro versions = 1.0.9...
CVE-2023-54361
Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...