Description
Missing Authorization vulnerability in sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin real-estate-right-now allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through <= 4.48.
Published: 2025-07-16
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin that allows an attacker to bypass the plugin’s intended access control levels, potentially enabling unauthorized use of plugin features and exposure or alteration of application data. The CVE description does not enumerate specific data or functions at risk.

Affected Systems

Vendors or site owners using any version of the sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin up to and including 4.48 on a WordPress installation are affected. The issue applies to all installed copies of the plugin, regardless of user role, if access control is misconfigured.

Risk and Exploitability

With a CVSS score of 4.3 the vulnerability is in the low‑to‑moderate severity range. An EPSS score of less than 1% indicates a very low probability of exploitation at the time of analysis. The flaw is not listed in CISA’s KEV catalog. The description does not specify an exact attack vector, but it can be inferred that an attacker could target the plugin via the WordPress web interface over HTTP/HTTPS by sending crafted requests to the plugin’s endpoints, without needing additional system privileges.

Generated by OpenCVE AI on April 30, 2026 at 16:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin to the latest release that fixes the missing authorization issue.
  • If an upgrade is not possible, disable or uninstall the plugin from the WordPress site to remove the vulnerability.
  • Apply role‑based restrictions and limit access to the plugin’s administrative URLs to authorized users or trusted IP addresses, and verify the plugin configuration to ensure correct security level settings.

Generated by OpenCVE AI on April 30, 2026 at 16:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-21646 Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48. Missing Authorization vulnerability in sminozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin real-estate-right-now allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through <= 4.48.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Wed, 16 Jul 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00029}

Wed, 16 Jul 2025 10:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Bill Minozzi Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin: from n/a through 4.48.
Title WordPress Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin plugin <= 4.48 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:52.787Z

Reserved: 2025-05-15T18:01:53.424Z

Link: CVE-2025-48150

cve-icon Vulnrichment

Updated: 2025-07-16T20:19:19.585Z

cve-icon NVD

Status : Deferred

Published: 2025-07-16T11:15:24.067

Modified: 2026-04-23T15:30:53.343

Link: CVE-2025-48150

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T16:45:26Z

Weaknesses