Vulnerabilities and security researches foropal-estate-pro opal-estate-pro

Jun 07, 2024

CVE, Research URL: CVE-2024-3666
Home page URL: Security reports for Opal Estate Pro – Property Management and Submission
Application: Opal Estate Pro – Property Management and Submission
Date: May 22, 2024
Research Description: The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-6934
Home page URL: Security reports for Opal Estate Pro – Property Management and Submission
Application: Opal Estate Pro – Property Management and Submission
Date: Jul 01, 2025
Research Description: The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.
Affected versions: Min -, max -.
Status: vulnerable