Browse all 4 CVE security advisories affecting WPSight. AI-powered Chinese analysis, POCs, and references for each vulnerability.
WPSight is a WordPress real estate plugin that enables property listings and management. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting issues, and privilege escalation flaws, with four CVEs documented. These vulnerabilities often stem from insufficient input validation and improper access controls. The plugin's integration with WordPress core and third-party services creates additional attack surfaces. While no major public security incidents have been widely reported, the consistent discovery of critical vulnerabilities in its codebase highlights the importance of regular updates and security hardening for users implementing this solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62043 | WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — WPCasaCWE-79 | 6.5 | Medium | 2026-03-19 |
| CVE-2025-9321 | WPCasa <= 1.4.1 - Unauthenticated Code Injection — WPCasaCWE-94 | 9.8 | Critical | 2025-09-23 |
| CVE-2025-39575 | WordPress WPCasa plugin <= 1.3.2 - Cross Site Scripting (XSS) Vulnerability — WPCasaCWE-79 | 6.5 | Medium | 2025-04-16 |
| CVE-2024-53826 | WordPress WPCasa plugin <= 1.2.13 - Insecure Direct Object References (IDOR) vulnerability — WPCasaCWE-862 | 5.3 | Medium | 2024-12-06 |
This page lists every published CVE security advisory associated with WPSight. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.