MEDIUM
Fruitfulcode
CVE published 2026-06-04
CVE-2019-25742
CVE-2019-25742 is a persistent cross-site scripting (XSS) vulnerability in WordPress Theme Zoner Real Estate 4.1.1. The vulnerability allows authenticated agents to inject malicious scripts through the Address input field when creating properties. These scripts execute when administrators view the property for approval, enabling attackers to steal cookies and hijack sessions.