G5plus

Essential Real Estate

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-48126

  • EPSS 0.16%
  • Veröffentlicht 09.06.2025 15:54:03
  • Zuletzt bearbeitet 02.07.2025 19:56:33

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.

9.8

CVE-2025-30849

  • EPSS 0.55%
  • Veröffentlicht 01.04.2025 06:15:53
  • Zuletzt bearbeitet 27.05.2025 18:52:20

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0.

4.3

CVE-2025-24698

  • EPSS 0.14%
  • Veröffentlicht 24.01.2025 18:15:43
  • Zuletzt bearbeitet 09.06.2025 18:54:46

Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.

4.3

CVE-2024-12329

  • EPSS 0.3%
  • Veröffentlicht 12.12.2024 07:15:10
  • Zuletzt bearbeitet 05.06.2025 16:05:14

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers,...

4.3

CVE-2024-4274

  • EPSS 0.19%
  • Veröffentlicht 04.06.2024 06:15:11
  • Zuletzt bearbeitet 29.05.2025 20:21:29

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authent...

5.4

CVE-2024-4273

  • EPSS 0.31%
  • Veröffentlicht 04.06.2024 06:15:10
  • Zuletzt bearbeitet 29.05.2025 20:21:13

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user s...

8.8

CVE-2023-6140

Exploit
  • EPSS 3.89%
  • Veröffentlicht 08.01.2024 19:15:10
  • Zuletzt bearbeitet 21.11.2024 08:43:13

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.

5.4

CVE-2023-6141

Exploit
  • EPSS 0.26%
  • Veröffentlicht 08.01.2024 19:15:10
  • Zuletzt bearbeitet 18.06.2025 16:15:24

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks.

6.5

CVE-2023-6139

Exploit
  • EPSS 0.22%
  • Veröffentlicht 08.01.2024 19:15:09
  • Zuletzt bearbeitet 03.06.2025 15:15:50

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.

8.8

CVE-2023-6827

  • EPSS 9.63%
  • Veröffentlicht 15.12.2023 08:15:46
  • Zuletzt bearbeitet 21.11.2024 08:44:37

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attack...