G5theme

Essential Real Estate

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-68071

  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 08:13:03
  • Zuletzt bearbeitet 20.01.2026 15:19:37

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <...

5.4

CVE-2025-66127

  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 08:12:53
  • Zuletzt bearbeitet 20.01.2026 15:19:09

Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.2.

9.8

CVE-2025-48126

  • EPSS 0.16%
  • Veröffentlicht 09.06.2025 15:54:03
  • Zuletzt bearbeitet 02.07.2025 19:56:33

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.1.

9.8

CVE-2025-30849

  • EPSS 0.55%
  • Veröffentlicht 01.04.2025 06:15:53
  • Zuletzt bearbeitet 27.05.2025 18:52:20

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. This issue affects Essential Real Estate: from n/a through 5.2.0.

4.3

CVE-2025-24698

  • EPSS 0.14%
  • Veröffentlicht 24.01.2025 18:15:43
  • Zuletzt bearbeitet 09.06.2025 18:54:46

Cross-Site Request Forgery (CSRF) vulnerability in G5Theme Essential Real Estate allows Cross Site Request Forgery. This issue affects Essential Real Estate: from n/a through 5.1.8.

4.3

CVE-2024-12329

  • EPSS 0.3%
  • Veröffentlicht 12.12.2024 07:15:10
  • Zuletzt bearbeitet 05.06.2025 16:05:14

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers,...

4.3

CVE-2024-4274

  • EPSS 0.19%
  • Veröffentlicht 04.06.2024 06:15:11
  • Zuletzt bearbeitet 29.05.2025 20:21:29

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authent...

5.4

CVE-2024-4273

  • EPSS 0.31%
  • Veröffentlicht 04.06.2024 06:15:10
  • Zuletzt bearbeitet 29.05.2025 20:21:13

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user s...

5.4

CVE-2022-3933

Exploit
  • EPSS 5.54%
  • Veröffentlicht 12.12.2022 18:15:12
  • Zuletzt bearbeitet 22.04.2025 15:16:01

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.