Stored XSS Vulnerability in Estatebud Properties & Listings Plugin
CVE-2025-23994
7.1 HIGH
Key Information:
- Vendor: Estatebud
- Status
- Estatebud – Properties & Listings
- Vendor
- CVE Published: 21 January 2025
Summary
A stored Cross-site Scripting (XSS) vulnerability has been identified in the Estatebud – Properties & Listings plugin. The flaw arises from improper neutralization of input during web page generation, which allows attackers to inject malicious scripts into pages viewed by users. Because the injected script is stored, it executes as arbitrary JavaScript in the browser of each user who views the affected page, potentially leading to data theft or unauthorized actions. The vulnerability affects all versions of the plugin up to and including 5.5.0, highlighting the need for users to apply security measures and keep the plugin updated.
Affected Version(s)
Estatebud – Properties & Listings <= 5.5.0
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
SOPROBRO (Patchstack Alliance)