G5Theme Essential Real Estate vulnerabilities
10 known vulnerabilities affecting g5theme/essential_real_estate.
Total CVEs
10
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1MEDIUM7
Vulnerabilities
Page 1 of 1
CVE-2025-30849P3CRITICALCVSS 9.8≤ 5.2.02025-04-01
CVE-2025-30849 [CRITICAL] CWE-98 CVE-2025-30849: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.0.
nvd
CVE-2025-48126P3CRITICALCVSS 9.8≤ 5.2.92025-06-09
CVE-2025-48126 [CRITICAL] CWE-98 CVE-2025-48126: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
nvd
CVE-2023-6140P3HIGHCVSS 8.8≤ 4.3.52024-01-08
CVE-2023-6140 [HIGH] CWE-434 CVE-2023-6140: The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileg
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution.
nvd
CVE-2022-3933P4MEDIUMCVSS 5.4PoCfixed in 3.9.62022-12-12
CVE-2022-3933 [MEDIUM] CWE-79 CVE-2022-3933: The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameter
The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.
nvd
CVE-2025-68071P3MEDIUMCVSS 6.5≤ 5.3.22025-12-16
CVE-2025-68071 [MEDIUM] CWE-639 CVE-2025-68071: Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate esse
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.
nvd
CVE-2025-66127P4MEDIUMCVSS 5.3≤ 5.3.22025-12-16
CVE-2025-66127 [MEDIUM] CWE-862 CVE-2025-66127: Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Ex
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.3.2.
nvd
CVE-2024-4274P4MEDIUMCVSS 4.3≤ 4.4.42024-06-04
CVE-2024-4274 [MEDIUM] CWE-639 CVE-2024-4274: The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to ins
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
nvd
CVE-2024-4273P4MEDIUMCVSS 5.4≤ 4.4.22024-06-04
CVE-2024-4273 [MEDIUM] CWE-79 CVE-2024-4273: The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the
The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and
nvd
CVE-2024-12329P4MEDIUMCVSS 4.3≤ 5.1.62024-12-12
CVE-2024-12329 [MEDIUM] CWE-200 CVE-2024-12329: The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
nvd
CVE-2025-24698P4MEDIUMCVSS 4.3≤ 5.1.82025-01-24
CVE-2025-24698 [MEDIUM] CWE-352 CVE-2025-24698: Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-esta
Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8.
nvd