VulnCheck KEV: CVE-2024-13421

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to...

CVE-2026-22475

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...

CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...

CVE-2026-22475

CVE-2026-22475 describes a deserialization of untrusted data vulnerability in the WordPress theme Estate (vulnerable from n/a to 1.3.4). The root cause is unauthenticated PHP Object Injection due to deserializing untrusted input, enabling potential manipulation of objects within Estate. The CVSSv...

CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...

Exploit for CVE-2025-39459

📄 Nuclei Template for CVE-2025-39459 🚀 Overview This repo...

EUVD-2023-33001

Malicious code in bioql PyPI...

CVE-2025-7718 Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email...

WordPress plugin RH - Real Estate WordPress Theme Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

WordPress WP Pro Real Estate 7 plugin <= 3.5.4 - Authenticated (Seller) Arbitrary File Upload vulnerability

Authenticated Seller Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Theme Real Estate 7 versions = 3.5.4...

CVE-2024-13421

CVE-2024-13421 impacts the Real Estate 7 WordPress theme for WordPress. The vulnerability is an unauthenticated privilege escalation where the plugin fails to restrict roles during user registration, enabling an unauthenticated attacker to register a new administrative account. Affected versions ...

CVE-2023-29432

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme.This issue affects Houzez - Real Estate WordPress Theme: from n/a before 2.8.3...

VulnCheck KEV: CVE-2023-36529

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4...

WordPress Nexos theme cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Nexos theme is a real estate website theme plugin used in it. A cross-site scripting vulnerability exists in WordPress Nexos...

WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting

Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection Google Dork: inurl:"/wp-content/themes/realestate-7/" Date: 2019/07/20 Author: m0ze Vendor Homepage: https://contempothemes.com Software Link:...

allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf

The Allure Real Estate Theme for Placester WordPress theme was affected by a XSS in ZeroClipboard.swf security vulnerability...

WordPress Estate Theme - Remote Code Execution

There is a bug in this theme, that allows any website visitor to run and see the output of any shortcode. This gives unauthenticated visitors the same power to execute code on the server as regular publishers have. Solution Update the theme...

WordPress Allure Real Estate Theme <= 0.1.1 - XSS

This WordPress theme is prone to a cross-site scripting XSS vulnerability in "in ZeroClipboard.swf". It allows remote attackers to inject arbitrary script or HTML. Solution Update the theme...