cleantalk
Vulnerabilities and Security Researches

Easy Property Listings, CVE-2024-1893

CVE, Research URL

CVE-2024-1893

Home page URL

Security reports for Easy Property Listings

Application

Easy Property Listings

Published on
Apr 10, 2024
Research Description
The Easy Property Listings plugin for WordPress is vulnerable to time-based SQL Injection via the ‘property_status’ shortcode attribute in all versions up to, and including, 3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 3.5.3.
Status
vulnerable
Previous vulnerability researches
Easy Property Listings (CVE-2024-32799) , Jun 07, 2024
Easy Property Listings (CVE-2020-5530) , Jun 07, 2024
Easy Property Listings (CVE-2019-15817) , Jun 07, 2024
Easy Property Listings (CVE-2024-1893) , Jun 07, 2024
Easy Property Listings (CVE-2024-2869) , May 31, 2025
New vulnerability
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider (CVE-2025-4567) , Jun 06, 2025
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2025-4205) , Jun 06, 2025
MaxiBlocks Free Page Builder & Template Library (CVE-2025-47601) , Jun 06, 2025
MetalpriceAPI (CVE-2025-48140) , Jun 05, 2025
Broken Link Checker (CVE-2025-4047) , Jun 05, 2025