Lucene search
K
G5plusEssential Real Estate

10 matches found

CVE
CVE
added 2024/01/08 7:0 p.m.63 views

CVE-2023-6141

The Essential Real Estate WordPress plugin prior to version 4.4.0 is vulnerable due to missing capability checks on AJAX actions, enabling a subscriber-level attacker to perform Stored XSS. Root cause: improper authorization in AJAX handlers. Impact: stored XSS possible with a subscriber account;...

5.4CVSS5.1AI score0.00403EPSS
Web
CVE
CVE
added 2023/12/15 7:30 a.m.63 views

CVE-2023-6827

The CVE concerns the WordPress plugin Essential Real Estate (

8.8CVSS7.8AI score0.01265EPSS
CVE
CVE
added 2024/12/12 6:46 a.m.63 views

CVE-2024-12329

CVE-2024-12329 affects the Essential Real Estate WordPress plugin. The vulnerability is a missing capability check on several pages/post types in all versions up to and including 5.1.6, enabling authenticated attackers with Contributor-level access and above to view invoices and transaction logs....

4.3CVSS4.3AI score0.0035EPSS
CVE
CVE
added 2025/04/01 5:31 a.m.62 views

CVE-2025-30849

CVE-2025-30849 affects Essential Real Estate (WordPress plugin). Issue: Improper control of filename for include/require enables Local File Inclusion in PHP. Affected: Essential Real Estate

9.8CVSS7.2AI score0.00764EPSS
CVE
CVE
added 2024/01/08 7:0 p.m.61 views

CVE-2023-6140

The CVE affects the Essential Real Estate WordPress plugin for versions prior to 4.4.0. The vulnerability allows users with limited privileges (e.g., subscribers) to upload malicious PHP files disguised as ZIP archives, potentially leading to remote code execution. Red Hat/NVD entries and third-p...

8.8CVSS9AI score0.01095EPSS
Web
CVE
CVE
added 2024/01/08 7:0 p.m.60 views

CVE-2023-6139

CVE-2023-6139 affects the Essential Real Estate WordPress plugin prior to version 4.4.0. The issue is missing capability checks on AJAX actions, enabling a subscriber to trigger Denial of Service. The CVSS v3.1 base score is 6.5 (MEDIUM). Remediation: update to 4.4.0 or newer; a temporary mitigat...

6.5CVSS6.3AI score0.00609EPSS
Web
CVE
CVE
added 2025/01/24 5:25 p.m.56 views

CVE-2025-24698

CVE-2025-24698 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Essential Real Estate (versions up to 5.1.8). The CVSS v3.1 base score is 4.3 (Medium); it is noted as patched in version 5.1.8. Connected sources corroborate CSRF impact for this plugin and list PatchStac...

4.3CVSS7.2AI score0.00208EPSS
CVE
CVE
added 2025/06/09 3:54 p.m.53 views

CVE-2025-48126

The CVE-2025-48126 entry concerns WordPress plugin WordPress Essential Real Estate (versions through 5.2.1; Patch/PatchStack notes up to 5.2.6) with an Improper Control of Filename for Include/Require Statement vulnerability leading to PHP Local File Inclusion (LFI). Root cause: mismanagement of ...

9.8CVSS5.3AI score0.0039EPSS
CVE
CVE
added 2024/06/04 5:32 a.m.45 views

CVE-2024-4273

CVE-2024-4273 involves the Essential Real Estate WordPress plugin, enabling Stored XSS via the ere_property_map shortcode in all versions up to 4.4.2 due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access (Contributor level or higher) and could...

6.4CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2024/06/04 5:32 a.m.38 views

CVE-2024-4274

Technical details about CVE-2024-4274 are not provided in the supplied documents. The entries reference the Essential Real Estate WordPress vulnerability but do not include affected versions, exploit info, or remediation specifics. Monitor for official advisories.

4.3CVSS4.8AI score0.00462EPSS