Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection. This issue affects Real Estate Manager: from n/a through <= 7.3.
Published: 2025-04-17
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an instance of Improper Control of Generation of Code, also known as Code Injection. It allows an attacker to inject and execute arbitrary code within the WordPress environment. The primary impact is remote code execution, enabling an attacker to compromise the affected server, exfiltrate data, or use the site as a launching pad for further attacks. This weakness is classified as CWE‑94.

Affected Systems

The flaw exists in the Real Estate Manager plugin developed by Rameez Iqbal. Any installation of the plugin from the earliest release up through version 7.3 is affected. The vulnerability description does not specify any other product or vendor, so only the plugin itself is impacted.

Risk and Exploitability

The CVSS score of 7.3 indicates a high severity level, and the EPSS score of less than 1% suggests a very low probability of exploitation in the wild at present. The flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, possibly through crafted HTTP requests processed by the plugin. Successful exploitation would depend on the plugin’s code execution path being accessible from the web interface, but the exact prerequisites are not detailed in the advisory.

Generated by OpenCVE AI on May 1, 2026 at 09:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Real Estate Manager plugin to a version newer than 7.3 or the latest available release.
  • If an upgrade cannot be performed immediately, disable or remove the plugin until a patched version is available.
  • Ensure that any remaining plugin endpoints are restricted to authenticated administrators, and apply a web application firewall to filter suspicious input.

Advisories
Source: EUVD
ID: EUVD-2025-11697
Title: Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3.
  Added: Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows Code Injection. This issue affects Real Estate Manager: from n/a through <= 7.3.
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Thu, 17 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Apr 2025 16:00:00 +0000

Type Values Removed Values Added
Description Improper Control of Generation of Code ('Code Injection') vulnerability in Rameez Iqbal Real Estate Manager allows Code Injection. This issue affects Real Estate Manager: from n/a through 7.3.
Title WordPress Real Estate Manager plugin <= 7.3 - Arbitrary Code Execution vulnerability
Weaknesses CWE-94
References
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:25.111Z

Reserved: 2025-04-09T11:20:27.474Z

Link: CVE-2025-32596

Vulnrichment

Updated: 2025-04-17T17:42:31.077Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:45.750

Modified: 2026-04-23T15:29:10.777

Link: CVE-2025-32596

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T09:45:07Z

Weaknesses