Skip to main content

Real Estate 7

3 CVEs product

Monthly

CVE-2026-57343 HIGH This Week

Reflected/stored Cross-Site Scripting in the Real Estate 7 WordPress theme (contempoinc) versions 3.5.9 and earlier lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. The scope-changing flaw (CVSS 3.1 7.1) can hijack sessions or perform actions in the victim's authenticated context, including administrators. Reported by Patchstack; no public exploit code has been identified and it is not on the CISA KEV list.

XSS Real Estate 7
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-13421 CRITICAL Act Now

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Real Estate 7
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2021-24387 MEDIUM POC This Month

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Estate 7
NVD WPScan
CVSS 3.1
6.1
EPSS
3.7%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected/stored Cross-Site Scripting in the Real Estate 7 WordPress theme (contempoinc) versions 3.5.9 and earlier lets unauthenticated remote attackers inject arbitrary JavaScript that executes in a victim's browser when they interact with a crafted link or page. The scope-changing flaw (CVSS 3.1 7.1) can hijack sessions or perform actions in the victim's authenticated context, including administrators. Reported by Patchstack; no public exploit code has been identified and it is not on the CISA KEV list.

XSS Real Estate 7
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Real Estate 7 WordPress theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Real Estate 7
NVD
EPSS 4% CVSS 6.1
MEDIUM POC This Month

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Estate 7
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy