10 matches found
CVE-2023-6141
The Essential Real Estate WordPress plugin prior to version 4.4.0 is vulnerable due to missing capability checks on AJAX actions, enabling a subscriber-level attacker to perform Stored XSS. Root cause: improper authorization in AJAX handlers. Impact: stored XSS possible with a subscriber account;...
CVE-2023-6827
The CVE concerns the WordPress plugin Essential Real Estate (
CVE-2024-12329
CVE-2024-12329 affects the Essential Real Estate WordPress plugin. The vulnerability is a missing capability check on several pages/post types in all versions up to and including 5.1.6, enabling authenticated attackers with Contributor-level access and above to view invoices and transaction logs....
CVE-2025-30849
CVE-2025-30849 affects Essential Real Estate (WordPress plugin). Issue: Improper control of filename for include/require enables Local File Inclusion in PHP. Affected: Essential Real Estate
CVE-2023-6140
The CVE affects the Essential Real Estate WordPress plugin for versions prior to 4.4.0. The vulnerability allows users with limited privileges (e.g., subscribers) to upload malicious PHP files disguised as ZIP archives, potentially leading to remote code execution. Red Hat/NVD entries and third-p...
CVE-2023-6139
CVE-2023-6139 affects the Essential Real Estate WordPress plugin prior to version 4.4.0. The issue is missing capability checks on AJAX actions, enabling a subscriber to trigger Denial of Service. The CVSS v3.1 base score is 6.5 (MEDIUM). Remediation: update to 4.4.0 or newer; a temporary mitigat...
CVE-2025-24698
CVE-2025-24698 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Essential Real Estate (versions up to 5.1.8). The CVSS v3.1 base score is 4.3 (Medium); it is noted as patched in version 5.1.8. Connected sources corroborate CSRF impact for this plugin and list PatchStac...
CVE-2025-48126
The CVE-2025-48126 entry concerns WordPress plugin WordPress Essential Real Estate (versions through 5.2.1; Patch/PatchStack notes up to 5.2.6) with an Improper Control of Filename for Include/Require Statement vulnerability leading to PHP Local File Inclusion (LFI). Root cause: mismanagement of ...
CVE-2024-4273
CVE-2024-4273 involves the Essential Real Estate WordPress plugin, enabling Stored XSS via the ere_property_map shortcode in all versions up to 4.4.2 due to insufficient input sanitization and output escaping. The vulnerability requires authenticated access (Contributor level or higher) and could...
CVE-2024-4274
Technical details about CVE-2024-4274 are not provided in the supplied documents. The entries reference the Essential Real Estate WordPress vulnerability but do not include affected versions, exploit info, or remediation specifics. Monitor for official advisories.