CVE Catalog

CVE-2026-57641

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

In Real Estate 7 versions up to 3.5.9, there is an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can trick a logged-in administrator into performing unintended actions in the application.

Risk Assessment

The risk involves the possibility of performing unauthorized operations in the admin panel, such as changing configuration or adding a new user, without the victim's knowledge.

Recommendation

Immediately update the Real Estate 7 plugin to a version newer than 3.5.9, where the vulnerability has been patched.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS