Estatebud%20%E2%80%93%20Properties%20%26%20Listings

Estatebud – Properties & Listings

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-13710

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.01% / 0.71%

7 Day CHG~0.00%

Published-25 Mar, 2025 | 08:22

Updated-31 Mar, 2025 | 16:30

Estatebud – Properties & Listings <= 5.5.0 - Cross-Site Request Forgery to Settings Update

The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-estatebud

Product-Estatebud – Properties & Listings

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-23994

Assigner-Patchstack

View Details

Assigner-Patchstack

CVSS Score-7.1||HIGH

EPSS-0.05% / 16.79%

7 Day CHG+0.01%

Published-21 Jan, 2025 | 17:21

Updated-21 Jan, 2025 | 18:42

WordPress Estatebud – Properties & Listings plugin <= 5.5.0 - CSRF to Stored XSS vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Estatebud Estatebud – Properties & Listings allows Stored XSS. This issue affects Estatebud – Properties & Listings: from n/a through 5.5.0.

Vendor-Estatebud

Product-Estatebud – Properties & Listings

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')