Vulnerabilities > G5Plus > Essential Real Estate > 4.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-01 | CVE-2025-30849 | PHP Remote File Inclusion vulnerability in G5Plus Essential Real Estate Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate allows PHP Local File Inclusion. | 9.8 |
| 2024-06-04 | CVE-2024-4273 | Cross-site Scripting vulnerability in G5Plus Essential Real Estate The Essential Real Estate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ere_property_map' shortcode in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |