CVE-2025-54032
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.7.3.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in Real Estate Manager Pro plugin (<=12.7.3) allows attackers to inject malicious scripts via crafted requests.
The Real Estate Manager Pro plugin for WordPress (up to version 12.7.3) contains a reflected Cross-Site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation [1]. This flaw enables an attacker to inject arbitrary HTML and JavaScript into a response.
Exploitation requires user interaction, such as clicking a specially crafted link or submitting a form. The attack can be initiated by any unauthenticated user, but successful execution depends on the target performing an action [1].
An attacker can leverage this vulnerability to inject malicious scripts, including redirects, advertisements, or other HTML payloads. These scripts execute in the context of the victim's browser when visiting the affected site [1].
The vendor has released version 12.7.4 to address the issue. Users are advised to update immediately. Patchstack also offers a virtual patch as a temporary mitigation [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.