Products

1 vendor

| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
| | 3 | 8 | 0 | 45.4% | CRITICAL |

Related CVEs

8

| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2025-48136 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Estatik Mortgage Calculator Estatik estatik-mortgage-calculator allows PHP Local File Inclusion. This issue affects Mortgage Calculator Estatik: from n/a through <= 2.0.12. | HIGH | 8.8 | | 35.6% | May 16, 2025 |
| CVE-2023-6050 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | MEDIUM | 6.1 | | 33.7% | Jan 15, 2024 |
| CVE-2023-6049 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog | CRITICAL | 9.8 | | 56.0% | Jan 15, 2024 |
| CVE-2023-6048 | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset | MEDIUM | 6.5 | | 44.7% | Jan 15, 2024 |
| CVE-2023-28490 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | MEDIUM | 6.1 | | 29.7% | Sep 27, 2023 |
| CVE-2023-40601 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | MEDIUM | 6.1 | | 24.8% | Sep 6, 2023 |
| CVE-2016-10959 | The estatik plugin before 2.3.1 for WordPress has authenticated arbitrary file upload (exploitable with CSRF) via es_media_images[] to wp-admin/admin-ajax.php. | MEDIUM | 6.5 | | 61.8% | Sep 16, 2019 |
| CVE-2016-10958 | The estatik plugin before 2.3.0 for WordPress has unauthenticated arbitrary file upload via es_media_images[] to wp-admin/admin-ajax.php. | HIGH | 7.5 | | 77.0% | Sep 16, 2019 |