cleantalk
Vulnerabilities and Security Researches

Real Estate Manager – Property Listing and Agent Management, CVE-2023-4239

CVE, Research URL

CVE-2023-4239

Home page URL

Security reports for Real Estate Manager – Property Listing and Agent Management

Application

Real Estate Manager – Property Listing and Agent Management

Published on
-
Research Description
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
Affected versions
Min -, max 7.2.
Status
vulnerable
Previous vulnerability researches
Real Estate Manager – Property Listing and Agent Management (CVE-2025-32668) , Apr 12, 2025
Real Estate Manager – Property Listing and Agent Management (CVE-2025-22645) , Feb 21, 2025
Real Estate Manager – Property Listing and Agent Management (CVE-2025-32150) , Apr 06, 2025
Real Estate Manager – Property Listing and Agent Management (CVE-2025-32596) , Apr 19, 2025
Real Estate Manager – Property Listing and Agent Management (CVE-2023-4239) , Jun 10, 2024
New vulnerability
IS-theme-companion (CVE-2025-53277) , Jul 04, 2025
Lead Form Data Collection to CRM (CVE-2025-5692) , Jul 04, 2025
Drive Folder Embedder (CVE-2025-6546) , Jul 04, 2025
WP Roadmap – Product Feedback Board (CVE-2025-52822) , Jul 04, 2025
WP Wall (CVE-2025-28968) , Jul 04, 2025