Cross-site Scripting Vulnerability in NotFound Essential WP Real Estate Plugin
CVE-2025-23857

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Essential WP Real Estate
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-23857?

The NotFound Essential WP Real Estate plugin contains a vulnerability that allows for reflected cross-site scripting (XSS) attacks due to improper input neutrality during web page generation. This issue could enable attackers to inject malicious scripts, potentially compromising user data and website integrity. It affects versions from n/a through 1.1.3, making it imperative for users of this plugin to implement necessary security measures to mitigate such risks.

Affected Version(s)

Essential WP Real Estate <= 1.1.3

References

https://patchstack.com/database/wordpress/plugin/essentia...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)