cleantalk
Vulnerabilities and Security Researches

Estatik Real Estate Plugin, CVE-2016-10959

CVE, Research URL

CVE-2016-10959

Home page URL

Security reports for Estatik Real Estate Plugin

Application

Estatik Real Estate Plugin

Published on
Sep 16, 2019
Research Description
The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php.
Affected versions
max 2.2.6.
Status
vulnerable
Previous vulnerability researches
Estatik Mortgage Calculator (CVE-2025-48136) , May 18, 2025
Estatik Mortgage Calculator (CVE-2025-26907) , Feb 27, 2025
Estatik Mortgage Calculator (CVE-2023-28490) , Jun 10, 2024
Estatik Mortgage Calculator (CVE-2023-40601) , Jun 10, 2024
Estatik Mortgage Calculator (CVE-2024-9354) , Jan 08, 2025
New vulnerability
SiteGround Email Marketing (CVE-2025-62912) , Nov 10, 2025
Inactive Logout (CVE-2025-11922) , Nov 10, 2025
Advanced Coupons – WooCommerce Coupons, Store Credit, Gift Cards, Loyalty Program, BOGO Coupons, Discount Rules (CVE-2025-62015) , Nov 10, 2025
Zephyr Project Manager (CVE-2025-10490) , Nov 10, 2025
Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media (CVE-2025-49373) , Nov 10, 2025