Platform: wordpress
Component: easy-property-listings-xml-csv-import
Fixed in: 2.2.2
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Import into Easy Property Listings plugin for WordPress. This flaw allows an attacker to trick a logged-in user into performing actions they did not intend to, potentially leading to unauthorized modifications or deletions of property listings. The vulnerability affects versions from 0.0.0 up to and including 2.2.1, but is resolved in version 2.2.2.
The primary impact of this CSRF vulnerability is the potential for unauthorized actions within a user's account. An attacker could craft malicious links or embed them in websites or emails, enticing users to click them. Upon clicking, the attacker could, for example, create, modify, or delete property listings without the user's knowledge or consent. This could result in data loss, incorrect information being displayed, or even malicious content being injected into the website. The blast radius depends on the permissions granted to users within the Easy Property Listings system; administrators are at higher risk than users with limited privileges.
This vulnerability was publicly disclosed on December 30, 2025. There is no indication of active exploitation campaigns targeting this specific vulnerability at this time. No public proof-of-concept exploits have been identified. The vulnerability is not currently listed on the CISA KEV catalog.
WordPress websites utilizing the Import into Easy Property Listings plugin, particularly those with user accounts that have administrative privileges or the ability to manage property listings, are at risk. Shared hosting environments where multiple websites share the same server resources may also be indirectly affected if one site is vulnerable and an attacker can leverage cross-site scripting to target users on other sites.
• wordpress / composer / npm:
grep -r 'easy-property-listings-xml-csv-import' /var/www/html/
wp plugin list | grep 'easy-property-listings-xml-csv-import'
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=easy_property_listings_import_process'
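The checks above only show that the plugin is present. The following added example (not from the advisory or the plugin's developers) also reads the installed version from the plugin header and compares it with the fixed release 2.2.2. It assumes the standard wp-content/plugins layout; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify WordPress roots against the advisory's fixed version.
# Usage: ./check.sh /var/www/html [more roots...]
SLUG='easy-property-listings-xml-csv-import'  # component slug from the advisory
FIXED='2.2.2'                                  # first fixed version per the advisory

# Print the version from the WordPress plugin header ("Version: x.y.z") found
# in any top-level PHP file of the plugin directory. Returns 1 if the plugin
# directory does not exist; prints nothing if no header is found.
epl_import_version() {
    local dir="$1/wp-content/plugins/$SLUG"
    [ -d "$dir" ] || return 1
    grep -hiE -m1 '^[[:space:]/*#@]*Version:' "$dir"/*.php 2>/dev/null \
        | head -n1 | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# Echo one of: absent | unknown | vulnerable | patched
epl_import_status() {
    local ver
    ver="$(epl_import_version "$1")" || { echo absent; return 0; }
    case "$ver" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # no header or odd version string
    esac
    # sort -V compares version components numerically (2.10.0 > 2.2.2).
    # If FIXED sorts first, the installed version is >= FIXED.
    if [ "$(printf '%s\n%s\n' "$FIXED" "$ver" | sort -V | head -n1)" = "$FIXED" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# Report each root passed on the command line (no output when none are given).
for root in "$@"; do
    printf '%s\t%s\n' "$root" "$(epl_import_status "$root")"
done
```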
EPSS: 0.02% (5th percentile)
The recommended mitigation is to immediately upgrade the Import into Easy Property Listings plugin to version 2.2.2 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting access to sensitive functions via user roles, or implementing CSRF tokens on critical forms. While not a complete solution, these measures can reduce the attack surface. After upgrading, verify the fix by attempting to submit a request to a sensitive endpoint while logged in as a standard user and observing whether the action is performed without explicit confirmation.
Update to version 2.2.2, or a newer patched version
CVE-2025-62112 is a Cross-Site Request Forgery (CSRF) vulnerability in the Import into Easy Property Listings WordPress plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using Import into Easy Property Listings versions 0.0.0 through 2.2.1. Upgrade to 2.2.2 or later to mitigate the risk.
Upgrade the Import into Easy Property Listings plugin to version 2.2.2 or later. Consider temporary workarounds if immediate upgrade is not possible.
There is currently no evidence of active exploitation campaigns targeting this specific vulnerability.
Refer to the plugin developer's website or WordPress.org plugin repository for the latest advisory and update information.