cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-13318,https://securityvulnerability.io/vulnerability/CVE-2024-13318,Unauthorized Access Vulnerability in Essential WP Real Estate Plugin for WordPress,"The Essential WP Real Estate plugin for WordPress presents a security risk due to a missing capability check in the cl_delete_listing_func() function. This vulnerability allows unauthenticated attackers to gain unauthorized access and delete arbitrary pages and posts, potentially compromising the integrity of the website. Users are urged to update their installations to secure their sites against these unauthorized actions.",Wordpress,Essential WP Real Estate,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-10T11:10:45.380Z,0
CVE-2024-12329,https://securityvulnerability.io/vulnerability/CVE-2024-12329,Unauthorized Data Access in Essential Real Estate Plugin,"The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs",Wordpress,Essential Real Estate,4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-12-12T06:46:35.297Z,0
CVE-2024-4273,https://securityvulnerability.io/vulnerability/CVE-2024-4273,Stored Cross-Site Scripting Vulnerability in Essential Real Estate Plugin,"The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Essential Real Estate,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-04T05:32:16.657Z,0
CVE-2024-4274,https://securityvulnerability.io/vulnerability/CVE-2024-4274,Unauthorized Attachment Deletion Vulnerability in Essential Real Estate Plugin,"The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.",Wordpress,Essential Real Estate,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-06-04T05:32:15.727Z,0
CVE-2023-6140,https://securityvulnerability.io/vulnerability/CVE-2023-6140,WordPress Plugin Vulnerability in Essential Real Estate by a Leading Vendor,"The Essential Real Estate WordPress plugin prior to version 4.4.0 contains a vulnerability that allows users with limited site privileges, such as subscribers, to upload potentially malicious PHP files by disguising them as ZIP archives. This flaw may enable an attacker to execute arbitrary code remotely, posing a significant security risk to the affected WordPress installations. Website administrators should ensure they are using the latest version of the plugin to mitigate this vulnerability.",Wordpress,Essential Real Estate,8.8,HIGH,0.0021899999119341373,false,,false,false,false,,false,false,2024-01-08T19:15:00.000Z,0
CVE-2023-6827,https://securityvulnerability.io/vulnerability/CVE-2023-6827,Arbitrary File Upload Vulnerability in Essential Real Estate Plugin for WordPress,"The Essential Real Estate plugin for WordPress is vulnerable due to inadequate file type validation in its 'ajaxUploadFonts' function. This vulnerability allows authenticated attackers, who possess subscriber-level permissions or higher, to upload arbitrary files to the server where the affected site is hosted. Such file uploads could potentially lead to remote code execution, compromising the integrity and security of the entire site.",Wordpress,Essential Real Estate,7.5,HIGH,0.004509999882429838,false,,false,false,false,,false,false,2023-12-15T08:15:00.000Z,0
CVE-2022-3933,https://securityvulnerability.io/vulnerability/CVE-2022-3933,Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting,"The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escape some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.",Wordpress,Essential Real Estate,5.4,MEDIUM,0.0010400000028312206,false,,false,false,false,,false,false,2022-12-12T17:54:37.527Z,0