CVE Catalog

CVE-2026-54827

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile — higher than 20% of all known CVEs

Summary

SQL Injection vulnerability in Real Estate 7 plugin versions up to 3.5.9 allows unauthenticated attackers to inject malicious SQL code. This can lead to unauthorized database access and data leakage.

Risk Assessment

The risk includes potential loss of data confidentiality, modification or deletion of data, and possible takeover of the application by an attacker without authentication.

Recommendation

It is recommended to immediately update the Real Estate 7 plugin to a version later than 3.5.9 and perform a security audit of the application.

Original NVD description (English source)

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS