G5theme

Essential Real Estate

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-68071

  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 08:13:03
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <...

5.4

CVE-2025-66127

  • EPSS 0.04%
  • Veröffentlicht 16.12.2025 08:12:53
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.9.

9.8

CVE-2025-48126

  • EPSS 0.73%
  • Veröffentlicht 09.06.2025 15:54:03
  • Zuletzt bearbeitet 01.04.2026 17:24:24

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: fro...

9.8

CVE-2025-30849

  • EPSS 0.73%
  • Veröffentlicht 01.04.2025 06:15:53
  • Zuletzt bearbeitet 01.04.2026 17:20:26

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: fro...

4.3

CVE-2025-24698

  • EPSS 0.06%
  • Veröffentlicht 24.01.2025 18:15:43
  • Zuletzt bearbeitet 01.04.2026 17:18:06

Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8.

4.3

CVE-2024-12329

  • EPSS 0.3%
  • Veröffentlicht 12.12.2024 07:15:10
  • Zuletzt bearbeitet 05.06.2025 16:05:14

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers,...

4.3

CVE-2024-4274

  • EPSS 0.21%
  • Veröffentlicht 04.06.2024 06:15:11
  • Zuletzt bearbeitet 08.04.2026 18:21:43

The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authent...

5.4

CVE-2024-4273

  • EPSS 0.36%
  • Veröffentlicht 04.06.2024 06:15:10
  • Zuletzt bearbeitet 08.04.2026 19:21:34

The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user s...

5.4

CVE-2022-3933

Exploit
  • EPSS 5.5%
  • Veröffentlicht 12.12.2022 18:15:12
  • Zuletzt bearbeitet 22.04.2025 15:16:01

The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.