G5plus Essential_real_estate
10 CVEs affecting G5plus Essential_real_estate. Latest disclosed: 2025-06-09. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6140 | High | 8.8 | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploadin… |
CVE-2025-48126 | High | 8.1 | 2025-06-09 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia… |
CVE-2025-30849 | High | 8.1 | 2025-04-01 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia… |
CVE-2023-6827 | High | 7.5 | 2023-12-15 | The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' functi… |
CVE-2023-6139 | Medium | 6.5 | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers… |
CVE-2024-4273 | Medium | 6.4 | 2024-06-04 | The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to… |
CVE-2023-6141 | Medium | 5.4 | 2024-01-08 | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers… |
CVE-2025-24698 | Medium | 4.3 | 2025-01-24 | Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Ess… |
CVE-2024-12329 | Medium | 4.3 | 2024-12-12 | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in al… |
CVE-2024-4274 | Medium | 4.3 | 2024-06-04 | The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax… |