EUVD-2025-199368

Malicious code in drop-events-on-property-plugin npm...

CVE-2012-10027

WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution...

CVE-2012-10027

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution...

CVE-2012-10027 WordPress Plugin WP-Property <= 1.35.0 PHP File Upload

WP-Property plugin for WordPress up to and including version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party uploadify.php script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution...

WordPress plugin WP-Property 安全漏洞

WordPress WP-Property plugin is a real estate industry-specific plugin for the WordPress platform, which is mainly used to help users manage property listings, display listing information and attract potential customers. A file upload vulnerability exists in the WordPress WP-Property plugin, whic...

CVE-2025-5117

The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the propertypackageuserrole metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their...

CVE-2025-5117

The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the propertypackageuserrole metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their...

CVE-2025-5117 Property 1.0.5 - 1.0.6 - Missing Authorization to Authenticated (Author+) Privilege Escalation via property_package_user_role Metadata in PayPal Registration

The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the propertypackageuserrole metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their...

CVE-2025-5117

CVE-2025-5117 describes a privilege-escalation in the WordPress plugin “Property” (Real Estate Directory Listing). The root cause is a missing capability check on the property_package_user_role metadata used when creating a package post, enabling an authenticated user with Author+ privileges to e...

PT-2025-22985 · WordPress · Property Plugin

Name of the Vulnerable Software and Affected Versions: Property plugin for WordPress versions 1.0.5 through 1.0.6 Description: The issue is related to a missing capability check on the use of the property package user role metadata. This allows authenticated attackers with Author-level access and...

WordPress plugin Property 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress WP Property Plugin <= 1.38.3.2 - Information Disclosure

This plugin is prone to non-administrative user XMLI remote information disclosure vulnerability. Solution Update plugin...

WordPress WP-Property Plugin 1.35.0 'uploadify.php' Arbitrary File Upload Vulnerability - Active Check

WordPress WP-Property Plugin is prone to a file upload vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...