Contempoinc Real Estate 7 Wordpress vulnerabilities
3 known vulnerabilities affecting contempoinc/real_estate_7_wordpress.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-13421P1CRITICALCVSS 9.8Exploited≤ 3.5.12025-02-12
CVE-2024-13421 [CRITICAL] CWE-266 CVE-2024-13421: The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all version
The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. This is due to the plugin not properly restricting the roles allowed to be selected during registration. This makes it possible for unauthenticated attackers to register a new administrative user account.
nvd
CVE-2025-2891P2HIGHCVSS 8.8≤ 3.5.42025-04-01
CVE-2025-2891 [HIGH] CWE-434 CVE-2025-2891: The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missi
The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server
nvd
CVE-2022-47146P4MEDIUMCVSS 6.1≥ n/a, ≤ 3.3.12023-03-27
CVE-2022-47146 [MEDIUM] CWE-79 CVE-2022-47146: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress th
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.
nvd