CVE-2025-58253
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | real_estate_manager | 7.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in the WordPress Real Estate Manager Plugin up to version 7.3. It allows attackers to inject malicious scripts into web pages, which execute when visitors access the affected site. These scripts can perform actions like redirects, displaying unwanted advertisements, or other harmful HTML payloads. The vulnerability is DOM-based and falls under the OWASP Top 10 category A3: Injection. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts in the context of your website, potentially leading to unauthorized actions such as redirecting users to malicious sites, displaying unwanted content, or stealing sensitive information. Since the plugin is abandoned and no official fix is available, the risk remains unless you replace the plugin or apply virtual patching. Automated attacks may target your site opportunistically, and if compromised, professional incident response and server-side malware scanning are recommended. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to inject malicious scripts targeting the Real Estate Manager plugin. Since the vulnerability is DOM-based XSS, network detection can include inspecting HTTP requests for suspicious payloads attempting script injection. However, no specific commands are provided in the resources. It is recommended to use server-side malware scanning and professional incident response tools rather than relying on plugin-based scanners, which may be compromised. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Real Estate Manager plugin with an alternative solution, as no official patch is available and the plugin is abandoned. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack recommends using virtual patching to block exploit attempts automatically without impacting website performance. [1]