Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3.
Published: 2025-08-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of user input during web page generation, resulting in a reflected cross‑site scripting (XSS) flaw. An attacker could inject malicious scripts that execute in the context of a victim’s browser, potentially stealing session data, defacing content, or performing malicious actions on behalf of the user. This weakness aligns with CWE‑79 and leads to a loss of confidentiality and integrity for users who view the affected pages.

Affected Systems

The flaw affects the WebCodingPlace Real Estate Manager Pro plugin for WordPress; all versions from the earliest available release through 12.7.3 are vulnerable.

Risk and Exploitability

The CVSS score of 7.1 places this vulnerability in the high‑severity range. However, the EPSS score is listed as < 1 %, indicating a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Most likely, exploitation would occur via a crafted URL or form submission that the victim unknowingly processes, exploiting the lack of output encoding to inject script payloads.

Generated by OpenCVE AI on April 30, 2026 at 16:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Real Estate Manager Pro to a version newer than 12.7.3, which removes the reflected XSS flaw.
  • Verify that all user‑submitted data on the plugin’s front‑end forms is properly sanitized and encoded before display, ensuring no untrusted input reaches the browser.
  • Monitor web server logs for anomalous XSS payloads and block known malicious input patterns until a patch can be applied.
  • If an upgrade is delayed, consider disabling or restricting access to the plugin’s public‑facing pages that accept input until the vulnerability is resolved.

Advisories
Source: EUVD
ID: EUVD-2025-25314
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Sun, 24 Aug 2025 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Webcodingplace
Webcodingplace real Estate Manager
Wordpress
Wordpress wordpress
Vendors & Products Webcodingplace
Webcodingplace real Estate Manager
Wordpress
Wordpress wordpress

Wed, 20 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro allows Reflected XSS. This issue affects Real Estate Manager Pro: from n/a through 12.7.3.
Title WordPress Real Estate Manager Pro Plugin <= 12.7.3 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:29.424Z

Reserved: 2025-07-16T08:51:58.889Z

Link: CVE-2025-54032

Vulnrichment

Updated: 2025-08-20T14:47:36.776Z

NVD

Status: Deferred

Published: 2025-08-20T08:15:46.897

Modified: 2026-04-23T15:32:44.320

Link: CVE-2025-54032

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T16:15:06Z

Weaknesses