CVE Catalog
CVE-2026-54827
CriticalCVSS 9.3Exploitation Probability (EPSS)
Low risk0.28%
20th percentile — higher than 20% of all known CVEs
Summary
SQL Injection vulnerability in Real Estate 7 plugin versions up to 3.5.9 allows unauthenticated attackers to inject malicious SQL code. This can lead to unauthorized database access and data leakage.
Risk Assessment
The risk includes potential loss of data confidentiality, modification or deletion of data, and possible takeover of the application by an attacker without authentication.
Recommendation
It is recommended to immediately update the Real Estate 7 plugin to a version later than 3.5.9 and perform a security audit of the application.
Original NVD description (English source)
Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

