Real Estate Manager Pro
Monthly
Reflected cross-site scripting in the WebCodingPlace Real Estate Manager Pro WordPress plugin (all versions up to and including 12.8.3) allows a remote attacker to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful execution can affect the broader WordPress session/DOM beyond the vulnerable component. No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not supplied.
Reflected cross-site scripting in the WebCodingPlace Real Estate Manager Pro WordPress plugin (all versions up to and including 12.8.3) allows a remote attacker to inject arbitrary JavaScript that executes in a victim's browser when they follow a crafted link. Because the CVSS scope is changed (S:C), successful execution can affect the broader WordPress session/DOM beyond the vulnerable component. No public exploit identified at time of analysis, and it is not listed in CISA KEV; EPSS was not supplied.