Vulnerabilities and security researches foreasy-property-listings easy-property-listings

May 31, 2025

CVE, Research URL: CVE-2024-2869
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: May 16, 2025
Research Description: The Easy Property Listings WordPress plugin before 3.5.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: Min -, max -.
Status: vulnerable

Sep 14, 2024

CVE, Research URL: CVE-2024-3163
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: Sep 12, 2024
Research Description: The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-32799
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: Jun 09, 2024
Research Description: Missing Authorization vulnerability in Merv Barrett Easy Property Listings.This issue affects Easy Property Listings: from n/a through 3.5.3.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2020-5530
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: Feb 18, 2020
Research Description: Cross-site request forgery (CSRF) vulnerability in Easy Property Listings versions prior to 3.4 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2019-15817
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: Aug 30, 2019
Research Description: The easy-property-listings plugin before 3.4 for WordPress has XSS.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-1893
Home page URL: Security reports for Easy Property Listings
Application: Easy Property Listings
Date: Apr 10, 2024
Research Description: The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: Min -, max -.
Status: vulnerable