CVE-2026-54827
Deferred Deferred - Pending Action

Unauthenticated SQL Injection in Real Estate 7

Vulnerability report for CVE-2026-54827, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack real_estate_7 to 3.5.9 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-54827 is an unauthenticated SQL Injection vulnerability found in the WordPress Real Estate 7 Theme, versions 3.5.9 and below.

This flaw allows attackers to interact directly with the website's database without needing to log in or authenticate.

Because it requires no authentication, it is considered highly dangerous and is classified under the OWASP Top 10 category A3: Injection.

Detection Guidance

This vulnerability is an unauthenticated SQL Injection in the WordPress Real Estate 7 Theme versions 3.5.9 and below. Detection typically involves monitoring for suspicious SQL injection attempts targeting the vulnerable theme.

While no specific commands are provided in the available resources, common detection methods include using web application firewalls (WAFs) with rules to block known attack patterns, inspecting web server logs for unusual SQL syntax in requests, and scanning the website with vulnerability scanners that detect SQL injection.

Patchstack has issued mitigation rules to block attacks until the theme is updated, which can be used as part of detection and prevention.

Impact Analysis

This vulnerability can have severe impacts including allowing attackers to steal sensitive information from the website's database.

Since the vulnerability is unauthenticated and has a high CVSS score of 9.3, it is a prime target for mass exploitation campaigns affecting thousands of websites.

Additionally, the vulnerability can lead to partial denial of service (availability impact) and compromise the confidentiality of data.

Compliance Impact

The vulnerability allows unauthenticated attackers to perform SQL Injection attacks, potentially leading to unauthorized access and theft of sensitive information stored in the website's database.

Such unauthorized data access and potential data breaches can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Failure to address this vulnerability could result in violations of these regulations due to compromised confidentiality and integrity of protected data.

Mitigation Strategies

The vulnerability affects WordPress Real Estate 7 Theme versions 3.5.9 and below and allows unauthenticated SQL Injection attacks.

Immediate mitigation steps include upgrading the theme to version 3.6.0 or later, which contains the patch for this issue.

Until the upgrade can be performed, applying the mitigation rule issued by Patchstack to block attacks is recommended.

Users are also advised to seek assistance from their hosting provider or developer to ensure proper mitigation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54827. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart