Platform: wordpress
Component: real-estate-manager
Fixed in: 7.3.1
CVE-2025-32596 describes a Code Injection vulnerability within the Real Estate Manager WordPress plugin. This flaw allows attackers to inject and execute arbitrary code on vulnerable systems, potentially leading to unauthorized access and data manipulation. The vulnerability impacts versions 0.0.0 through 7.3, and a fix is available in version 7.3.1.
The Code Injection vulnerability in Real Estate Manager poses a significant threat. An attacker could leverage this flaw to execute malicious code directly on the WordPress server, gaining control over the entire website and its underlying infrastructure. This could involve stealing sensitive data, modifying website content, installing malware, or using the compromised server as a launchpad for further attacks. The potential blast radius extends to any data stored within the Real Estate Manager plugin or accessible through the WordPress environment. Given the plugin's purpose, this could include client data, financial information, and property listings.
CVE-2025-32596 was publicly disclosed on 2025-04-17. Currently, there are no known public exploits or active campaigns targeting this vulnerability. Its inclusion in the NVD and CISA databases suggests a potential for future exploitation. The CVSS score of 7.3 (HIGH) indicates a significant risk, and security professionals should prioritize remediation.
Real estate businesses and agencies using the Real Estate Manager plugin on their WordPress websites are at significant risk. This includes those relying on the plugin for managing property listings, client data, and financial transactions. Shared hosting environments where multiple websites share the same server resources are particularly vulnerable, as a compromise of one site could potentially impact others.
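• wordpress / composer / npm:
# -F matches the pattern as a literal string; -r already recurses into the plugin directory
grep -rF "eval(base64_decode(" /var/www/html/wp-content/plugins/real-estate-manager/
• generic web:
# -s fetches the response body quietly; the original -I (HEAD) returns headers only, which never contain this string
curl -s https://your-website.com/wp-content/plugins/real-estate-manager/ | grep -iF "eval(base64_decode("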
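An added example, not taken from the advisory or from the plugin's code: a shell triage script that reads the installed version from the standard WordPress plugin header, compares it with the fixed release 7.3.1, and counts PHP files containing the string the grep check looks for. It assumes a `sort` that supports `-V`; the function names and the sample file name are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not vendor code): triage a plugin directory for CVE-2025-32596.
FIXED="7.3.1"   # first fixed release named in the advisory

# Print the "Version:" value from the standard WordPress plugin header in the
# top-level PHP files of directory $1 (prints nothing if no header is found).
plugin_version() {
  grep -hiE '^[[:space:]*#/]*Version:' "$1"/*.php 2>/dev/null |
    head -n 1 | tr -d '\r' | sed -E 's/^[^:]*:[[:space:]]*//; s/[[:space:]]+$//'
}

# Succeed when version $1 sorts strictly before $FIXED (assumes sort -V).
is_affected() {
  [ "$1" != "$FIXED" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)" = "$1" ]
}

# List PHP files under $1 that contain the literal string the advisory greps for.
scan_indicator() {
  grep -rlF --include='*.php' 'eval(base64_decode(' "$1" 2>/dev/null
}

# Print a one-line verdict for plugin directory $1 (runs in a subshell).
triage() (
  v=$(plugin_version "$1")
  hits=$(scan_indicator "$1" | wc -l | tr -d ' ')
  if [ -z "$v" ]; then state="unknown"
  elif is_affected "$v"; then state="affected"
  else state="patched"
  fi
  echo "$state version=${v:-none} indicator_files=$hits"
)

# Constructed sample: build a fake plugin tree with version $2 under $1.
# The main file name is a placeholder, not the real plugin's file name.
make_sample() {
  mkdir -p "$1/inc"
  printf '<?php\n/**\n * Plugin Name: Sample\n * Version: %s\n */\n' "$2" > "$1/sample-main.php"
}

# Usage: ./triage.sh /var/www/html/wp-content/plugins/real-estate-manager
if [ "$#" -gt 0 ]; then triage "$1"; fi
```

A non-zero `indicator_files` count is a lead for manual review, not proof of compromise, and a patched version number does not rule out files left behind by an earlier intrusion.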
Exploit status
EPSS: 0.31% (percentile 54%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-32596 is to immediately upgrade the Real Estate Manager plugin to version 7.3.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to prevent exploitation. While not a complete solution, implementing a Web Application Firewall (WAF) with rules to block suspicious code injection attempts can provide an additional layer of defense. Regularly review WordPress plugin security updates and consider using a security scanner to identify and address potential vulnerabilities.
Update the Real Estate Manager plugin to the latest available version to fix the code injection vulnerability. See the plugin's page on WordPress.org for more information and to download the update.
CVE-2025-32596 is a Code Injection vulnerability affecting the Real Estate Manager WordPress plugin, allowing attackers to execute arbitrary code. It impacts versions 0.0.0 through 7.3.
If you are using Real Estate Manager version 0.0.0 through 7.3, you are potentially affected by this vulnerability. Check your plugin version and upgrade immediately.
Upgrade the Real Estate Manager plugin to version 7.3.1 or later to resolve this vulnerability. If upgrading is not possible, temporarily disable the plugin.
As of now, there are no confirmed reports of active exploitation, but the HIGH severity score warrants immediate attention and remediation.
Refer to the Real Estate Manager plugin's official website or WordPress plugin repository for the latest security advisory and update information.