cleantalk
Vulnerabilities and Security Researches

Opal Estate Pro – Property Management and Submission, CVE-2024-3666

CVE, Research URL

CVE-2024-3666

Home page URL

Security reports for Opal Estate Pro – Property Management and Submission

Application

Opal Estate Pro – Property Management and Submission

Published on
May 22, 2024
Research Description
The Opal Estate Pro – Property Management and Submission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the agent latitude and longitude parameters in all versions up to, and including, 1.7.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.7.6.
Status
vulnerable
Previous vulnerability researches
Opal Estate Pro – Property Management and Submission (CVE-2025-6934) , Jul 03, 2025
Opal Estate Pro – Property Management and Submission (CVE-2024-3666) , Jun 07, 2024
New vulnerability
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
Additional Order Filters for WooCommerce (CVE-2025-53271) , Jul 04, 2025
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025