G5theme Essential Real Estate
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in G5theme Essential Real Estate.
By the Year
In 2026 there have been 0 vulnerabilities in G5theme Essential Real Estate. Last year, in 2025 Essential Real Estate had 4 security vulnerabilities published. Right now, Essential Real Estate is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 5.95 |
| 2024 | 3 | 5.00 |
| 2023 | 1 | 7.50 |
| 2022 | 1 | 5.40 |
It may take a day or so for new Essential Real Estate vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent G5theme Essential Real Estate Security Vulnerabilities
Essential Real Estate <=5.2.2 Authorization Bypass via UserControlled Key
CVE-2025-68071
6.5 - Medium
- December 16, 2025
Authorization Bypass Through User-Controlled Key vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
Insecure Direct Object Reference / IDOR
Missing Auth in g5theme Essential Real Estate <=5.2.2 Exploit
CVE-2025-66127
5.4 - Medium
- December 16, 2025
Missing Authorization vulnerability in g5theme Essential Real Estate essential-real-estate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Real Estate: from n/a through <= 5.2.9.
AuthZ
PHP LFI in Essential Real Estate <=5.2.0
CVE-2025-30849
- April 01, 2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Inclusion.This issue affects Essential Real Estate: from n/a through <= 5.2.0.
Remote file include
CSRF in G5Theme Essential Real Estate until 5.1.8
CVE-2025-24698
- January 24, 2025
Cross-Site Request Forgery (CSRF) vulnerability in g5theme Essential Real Estate essential-real-estate allows Cross Site Request Forgery.This issue affects Essential Real Estate: from n/a through <= 5.1.8.
Session Riding
Essential Real Estate Plugin: Unauthorized Data Access Vulnerability
CVE-2024-12329
4.3 - Medium
- December 12, 2024
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs
Information Disclosure
WordPress Essential Real Estate: Authenticated Attachment Deletion (4.4.2)
CVE-2024-4274
4.3 - Medium
- June 04, 2024
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized loss of data due to insufficient validation on the remove_property_attachment_ajax() function in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
Insecure Direct Object Reference / IDOR
WordPress Essential Real Estate 4.4.2: Stored XSS via ere_property_map sc
CVE-2024-4273
6.4 - Medium
- June 04, 2024
The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Arbitr. File Upload in Essential Real Estate WP Plugin v4.3.5
CVE-2023-6827
7.5 - High
- December 15, 2023
The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including, 4.3.5. This makes it possible for authenticated attackers with subscriber-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2023-6140 appears to be a duplicate of this issue.
Unrestricted File Upload
Essential Real Estate WP Plugin XSS via Unsanitized Admin Params <3.9.6
CVE-2022-3933
5.4 - Medium
- December 12, 2022
The Essential Real Estate WordPress plugin before 3.9.6 does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for G5theme Essential Real Estate or by G5theme? Click the Watch button to subscribe.
