CVE-2026-57398
Received Received - Intake

Real Estate Manager Pro Reflected Cross-Site Scripting

Vulnerability report for CVE-2026-57398, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Real Estate Manager Pro real-estate-manager-pro allows Reflected XSS.This issue affects Real Estate Manager Pro: from n/a through <= 12.8.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
webcodingplace real_estate_manager_pro to 12.8.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-57398 is a Cross-Site Scripting (XSS) vulnerability found in the WordPress Real Estate Manager Pro Plugin, versions 12.8.3 and below.

This vulnerability occurs due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts that execute when visitors access the affected site.

Exploitation requires user interaction, such as clicking a malicious link or submitting a form, and can be initiated by an unauthenticated developer or privileged user.

Impact Analysis

If exploited, this vulnerability can allow attackers to inject harmful scripts into your website.

  • These scripts could perform unwanted redirects.
  • They could display unauthorized advertisements.
  • Such actions can compromise the integrity and trustworthiness of your website.

The vulnerability has a CVSS score of 7.1, indicating a moderate level of risk and potential for widespread exploitation.

Detection Guidance

This vulnerability can be detected by monitoring for suspicious input patterns that attempt to inject scripts into the Real Estate Manager Pro plugin, especially in versions 12.8.3 and below.

Since the attack requires user interaction such as clicking a malicious link or submitting a form, network detection can focus on identifying unusual HTTP requests containing script tags or suspicious payloads targeting the plugin.

Patchstack provides a mitigation rule to block attacks until the plugin is updated, which can also be used to detect attempted exploitations.

  • Use web application firewall (WAF) logs or intrusion detection systems (IDS) to look for requests containing typical XSS payloads targeting the Real Estate Manager Pro plugin.
  • Check web server logs for HTTP requests with suspicious query parameters or POST data that include script tags or encoded JavaScript.
  • Run manual tests by submitting inputs containing common XSS payloads to the plugin's input fields and observe if the input is reflected unsanitized.

Specific commands are not provided in the available resources.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the Real Estate Manager Pro plugin to version 12.8.4 or later, where the issue is fixed.

Until the update can be applied, users should enable the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.

Enabling auto-updates for vulnerable plugins through Patchstack is also recommended for immediate protection.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57398. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart