CVE-2025-58253
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rameez Iqbal Real Estate Manager real-estate-manager allows DOM-Based XSS.This issue affects Real Estate Manager: from n/a through <= 7.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-58253
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress real_estate_manager 7.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Scripting (XSS) issue in the WordPress Real Estate Manager Plugin up to version 7.3. It allows attackers to inject malicious scripts into web pages, which execute when visitors access the affected site. These scripts can perform actions like redirects, displaying unwanted advertisements, or other harmful HTML payloads. The vulnerability is DOM-based and falls under the OWASP Top 10 category A3: Injection. [1]

Impact Analysis

The vulnerability can allow attackers to execute malicious scripts in the context of your website, potentially leading to unauthorized actions such as redirecting users to malicious sites, displaying unwanted content, or stealing sensitive information. Since the plugin is abandoned and no official fix is available, the risk remains unless you replace the plugin or apply virtual patching. Automated attacks may target your site opportunistically, and if compromised, professional incident response and server-side malware scanning are recommended. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for attempts to inject malicious scripts targeting the Real Estate Manager plugin. Since the vulnerability is DOM-based XSS, network detection can include inspecting HTTP requests for suspicious payloads attempting script injection. However, no specific commands are provided in the resources. It is recommended to use server-side malware scanning and professional incident response tools rather than relying on plugin-based scanners, which may be compromised. [1]

Mitigation Strategies

Immediate mitigation steps include replacing the vulnerable Real Estate Manager plugin with an alternative solution, as no official patch is available and the plugin is abandoned. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack recommends using virtual patching to block exploit attempts automatically without impacting website performance. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58253. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart