Vulnerabilities and security researches forreal-estate-manager real-estate-manager

Jun 10, 2024

CVE, Research URL: CVE-2023-4239
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Aug 09, 2023
Research Description: The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
Affected versions: max 7.2.
Status: vulnerable

Feb 21, 2025

CVE, Research URL: CVE-2025-22645
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Feb 19, 2025
Research Description: Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Password Brute Forcing.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Apr 06, 2025

CVE, Research URL: CVE-2025-32150
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Apr 04, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Apr 12, 2025

CVE, Research URL: CVE-2025-32668
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Apr 10, 2025
Research Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows PHP Local File Inclusion.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Apr 19, 2025

CVE, Research URL: CVE-2025-32596
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Apr 17, 2025
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-52825
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Jun 20, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Privilege Escalation.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

CVE, Research URL: CVE-2025-50044
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Jun 20, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Cross Site Request Forgery.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-58253
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows DOM-Based XSS.This issue affects Real Estate Manager: from n/a through <= 7.3.
Affected versions: max 7.3.
Status: vulnerable

Jun 13, 2026

CVE, Research URL: d6af075df9eeabb032a33ef472defe878bf92e29
Home page URL: Security reports for Real Estate Manager – Property Listing and Agent Management
Application: Real Estate Manager – Property Listing and Agent Management
Date: Jun 13, 2019
Research Description: Real Estate Manager – Property Listing and Agent Management [real-estate-manager] < 7.0 Real Estate Manager – Property Listing and Agent Management <= 6.8 - Cross-Site Scripting The Real Estate Manager – Property Listing and Agent Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘revision’ parameter in versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: max 7.0.
Status: vulnerable