CVE-2019-25742 in Zoner Real Estateinfo

Summary

by MITRE • 06/04/2026

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execute when administrators view the property for approval, enabling cookie theft and session hijacking.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

VulnCheck

Reservation

06/04/2026

Disclosure

06/04/2026

Moderation

accepted

Entry

VDB-368330

CPE

ready

CWE

CWE-79 (confirmed)

Exploit

Download

CVSS

6.4 (CNA)

EPSS

0.00000

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2019-25742
NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-25742
CVE Details	https://www.cvedetails.com/cve/CVE-2019-25742/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!