3 matches found
CVE-2025-23857
CVE-2025-23857 affects the WordPress plugin Essential WP Real Estate (NotFound Essential WP Real Estate) with a Reflected Cross-Site Scripting vulnerability. Affected versions are from n/a through 1.1.3. The description is corroborated by multiple connected sources (Red Hat RH: CVE-2025-23857; NV...
CVE-2024-13347
CVE-2024-13347 affects the WordPress plugin “Essential WP Real Estate” up to version 1.1.3. The issue is a reflected Cross-Site Scripting (XSS) vulnerability caused by not escaping generated URLs before output in HTML attributes, enabling an attacker-controlled URL to inject scripts when user-pro...
CVE-2024-13318
CVE-2024-13318 affects the Essential WP Real Estate WordPress plugin. The vulnerability is due to a missing capability check in cl_delete_listing_func() across all versions up to 1.1.3, allowing unauthenticated attackers to delete arbitrary pages and posts. The CVSS 3.1 vector is CVSS:3.1/AV:N/AC...