CVE Catalog
CVE-2026-57641
MediumCVSS 6.5Summary
In Real Estate 7 versions up to 3.5.9, there is an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions in the application.
Risk Assessment
The risk involves the possibility of performing unauthorized operations in the admin panel, such as changing configuration or adding a new user, without the victim's knowledge.
Recommendation
Immediately update the Real Estate 7 plugin to a version newer than 3.5.9, where the vulnerability has been patched.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

