2032 matches found
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...
JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...
CVE-2026-57398
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...
CVE-2026-57398 WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through = 12.8.3...
CVE-2026-57398
CVE-2026-57398 : WordPress Real Estate Manager Pro plugin (
PT-2026-57709
Name of the Vulnerable Software and Affected Versions Real Estate Manager Pro versions prior to 12.8.4 Description Improper neutralization of input during web page generation allows for Reflected Cross-site Scripting XSS, a flaw where an application includes untrusted data in a web page without...
WordPress Real Estate Manager Pro plugin <= 12.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by dutafi in WordPress Plugin Real Estate Manager Pro versions = 12.8.3...
CVE-2026-14769 code-projects Real State Services pay.php sql injection
A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...
CVE-2026-14769
The CVE-2026-14769 entry concerns code-projects Real State Services 1.0. A vulnerability in processing the file /pay.php allows manipulation of the Bankname parameter that leads to a SQL injection. The issue appears to be exploitable remotely and public exploit details are available. Metrics indi...
CVE-2026-14768 code-projects Real State Services builderHome.php sql injection
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...
CVE-2026-14746
A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may...
CVE-2026-14746 code-projects Real State Services addprojectrent.php sql injection
A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may...
CVE-2026-14746
CVE-2026-14746 affects code-projects Real State Services 1.0. The vulnerability is in an unknown function of the file /addprojectrent.php, where manipulating the argument amen leads to SQL injection. Exploitation is possible remotely, and the exploit has been publicly disclosed (Exploit maturity:...
CVE-2026-14745 code-projects Real State Services single-list_rent.php sql injection
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2026-14743 code-projects Real State Services normalHomeSale.php sql injection
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...
CVE-2026-57343
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
EUVD-2026-41343
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-57343
CVE-2026-57343 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Real Estate 7 theme, affected
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...