2027 matches found
JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS
A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the...
CVE-2026-14769 code-projects Real State Services pay.php sql injection
A security vulnerability has been detected in code-projects Real State Services 1.0. This issue affects some unknown processing of the file /pay.php. Such manipulation of the argument Bankname leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly...
CVE-2026-14769
The CVE-2026-14769 entry concerns code-projects Real State Services 1.0. A vulnerability in processing the file /pay.php allows manipulation of the Bankname parameter that leads to a SQL injection. The issue appears to be exploitable remotely and public exploit details are available. Metrics indi...
CVE-2026-14768 code-projects Real State Services builderHome.php sql injection
A weakness has been identified in code-projects Real State Services 1.0. This vulnerability affects unknown code of the file /builderHome.php. This manipulation of the argument loc causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the...
CVE-2026-14746
A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may...
CVE-2026-14746 code-projects Real State Services addprojectrent.php sql injection
A security vulnerability has been detected in code-projects Real State Services 1.0. Affected is an unknown function of the file /addprojectrent.php. The manipulation of the argument amen leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may...
CVE-2026-14746
CVE-2026-14746 affects code-projects Real State Services 1.0. The vulnerability is in an unknown function of the file /addprojectrent.php, where manipulating the argument amen leads to SQL injection. Exploitation is possible remotely, and the exploit has been publicly disclosed (Exploit maturity:...
CVE-2026-14745 code-projects Real State Services single-list_rent.php sql injection
A weakness has been identified in code-projects Real State Services 1.0. This impacts an unknown function of the file /single-listrent.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to t...
CVE-2026-14743 code-projects Real State Services normalHomeSale.php sql injection
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might ...
CVE-2026-57343
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
EUVD-2026-41343
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-57343 WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Real Estate 7 = 3.5.9 versions...
CVE-2026-57343
CVE-2026-57343 describes an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Real Estate 7 theme, affected
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...
WordPress Real Estate 7 theme <= 3.5.9 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Real Estate 7 versions = 3.5.9...
CVE-2026-13559 code-projects Real State Services single-list_sale.php add sql injection
A weakness has been identified in code-projects Real State Services 1.0. Impacted is an unknown function of the file /single-listsale.php?action=add. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been made available to...
CVE-2026-57641
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...
CVE-2026-54827
Unauthenticated SQL Injection in Real Estate 7 = 3.5.9 versions...
EUVD-2026-39756
Unauthenticated Cross Site Request Forgery CSRF in Real Estate 7 = 3.5.9 versions...