G5plus Essential_real_estate

10 CVEs affecting G5plus Essential_real_estate. Latest disclosed: 2025-06-09. Critical: 0, High: 4.

Top CVEs affecting G5plus Essential_real_estate
CVESeverityScorePublishedSummary
CVE-2023-6140High8.82024-01-08The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploadin…
CVE-2025-48126High8.12025-06-09Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia…
CVE-2025-30849High8.12025-04-01Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essentia…
CVE-2023-6827High7.52023-12-15The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' functi…
CVE-2023-6139Medium6.52024-01-08The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers…
CVE-2024-4273Medium6.42024-06-04The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to…
CVE-2023-6141Medium5.42024-01-08The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers…
CVE-2025-24698Medium4.32025-01-24Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Ess…
CVE-2024-12329Medium4.32024-12-12The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in al…
CVE-2024-4274Medium4.32024-06-04The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax…