{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2906", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-28T09:36:42.701Z", "datePublished": "2025-04-01T11:12:27.945Z", "dateUpdated": "2026-04-08T16:46:48.484Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:48.484Z"}, "affected": [{"vendor": "contempoinc", "product": "Contempo Real Estate Core", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.6.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39c651c3-a478-4f58-af51-fd73d2934bdf?source=cve"}, {"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"url": "https://contempothemes.com/changelog/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-03-28T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-03-28T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-03-31T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-01T15:12:53.483553Z", "id": "CVE-2025-2906", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T15:14:12.036Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-01T15:12:53.483553Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-01T15:14:06.578Z"}}], "cna": {"title": "Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "contempoinc", "product": "Contempo Real Estate Core", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.6.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-28T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-03-28T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-03-31T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39c651c3-a478-4f58-af51-fd73d2934bdf?source=cve"}, {"url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"url": "https://contempothemes.com/changelog/"}], "descriptions": [{"lang": "en", "value": "The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:48.484Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2906", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:48.484Z", "dateReserved": "2025-03-28T09:36:42.701Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-01T11:12:27.945Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Contempo Real Estate Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}, {"lang": "es", "value": "El complemento Contempo Real Estate Core para WordPress es vulnerable a cross-site scripting almacenado mediante shortcodes en versiones hasta la 3.6.3 incluida, debido a una depuraci\u00f3n de entrada y al escape de salida insuficiente en los atributos proporcionados por el usuario. Esto permite a atacantes autenticados con permisos de colaborador o superiores inyectar scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n al acceder un usuario a una p\u00e1gina inyectada."}], "id": "CVE-2025-2906", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-01T12:15:15.580", "references": [{"source": "security@wordfence.com", "url": "https://contempothemes.com/changelog/"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39c651c3-a478-4f58-af51-fd73d2934bdf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:33:20.653654+00:00", "value": {"mitigation_remediation": ["Update Contempo Real Estate Core to the latest version (\u22653.6.4) where the shortcode input is properly sanitized and output escaped.", "If an immediate update is not possible, remove or downgrade contributor accounts to prevent creation of malicious shortcodes and consider disabling shortcode usage through plugin settings if feasible.", "Apply defensive controls such as a Content Security Policy that blocks inline scripts and a web application firewall rule to detect and block unusual shortcode syntax."], "summary": {"action": "Patch", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "All WordPress sites that use the Contempo Real Estate Core plugin in versions 3.6.3 or earlier are impacted. The vulnerability is tied to the plugin\u2019s shortcode handling and does not affect the core WordPress engine itself.", "description_and_impact": "Contempo Real Estate Core suffers a stored XSS flaw that allows an authenticated attacker with contributor or higher privileges to inject arbitrary JavaScript via shortcode attributes. The unsanitized input is rendered in page content, meaning any visitor who views the affected page will execute the code in their browser. This can lead to client\u2011side session hijacking, credential theft, defacement, or further phishing attacks, effectively compromising the confidentiality and integrity of user sessions.", "risk_and_exploitability": "The CVSS score of 6.4 classifies the issue as high severity. The EPSS score of less than 1% indicates that, at the time of analysis, exploitation is relatively unlikely, and the vulnerability is not listed in CISA KEV. Attack requires valid contributor or higher credentials; the attacker must create or modify a shortcode containing malicious JavaScript, which is then stored and executed whenever any user loads the page with that shortcode."}}}}, "created": "2025-06-23T09:16:29.849862+00:00", "updated": "2026-04-21T21:45:25.838375+00:00", "vendors": ["contempoinc", "contempoinc$PRODUCT$contempo_real_estate_core", "wordpress", "wordpress$PRODUCT$wordpress"]}