Vulnerabilities and security researches foressential-real-estate essential-real-estate

Apr 03, 2025

CVE, Research URL: CVE-2025-30849
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Apr 01, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0.
Affected versions: Min -, max -.
Status: vulnerable

Jan 25, 2025

CVE, Research URL: CVE-2025-24698
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jan 24, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.
Affected versions: Min -, max -.
Status: vulnerable

Dec 13, 2024

CVE, Research URL: CVE-2024-12329
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Dec 12, 2024
Research Description: The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2022-3933
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Dec 12, 2022
Research Description: The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-4273
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jun 04, 2024
Research Description: The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6827
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Dec 15, 2023
Research Description: The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6139
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jan 09, 2024
Research Description: The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6141
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jan 09, 2024
Research Description: The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-6140
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jan 09, 2024
Research Description: The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: e60e97fd6d298882765627557ba57f8d922724cf
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jul 04, 2019
Research Description: Essential Real Estate [essential-real-estate] < 1.7.2 WordPress Essential Real Estate plugin <= 1.7.1 - Cross-Site Scripting (XSS) vulnerability Cross-Site Scripting (XSS) vulnerability found in WordPress Essential Real Estate plugin (versions <= 1.7.1)
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-4274
Home page URL: Security reports for Essential Real Estate
Application: Essential Real Estate
Date: Jun 04, 2024
Research Description: The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
Affected versions: Min -, max -.
Status: vulnerable