CVE-2025-68072
WordPress Easy Property Listings plugin <= 3.5.17 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.17.
We have discovered 1,308 live websites that are affected by CVE-2025-68072.
Affected Software
| Product |  Easy Property Listings |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,308 live websites (100% of Easy Property Listings install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 49 versions ( 100% of all versions) |
Details
- Published - Jan 22, 2026
- Updated - Jan 28, 2026
Credits
- daroo | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-68072 United States | 550 websites |
 Australia | 314 websites |
 GB | 63 websites |
 Germany | 51 websites |
 Italy | 40 websites |
 Canada | 35 websites |
 France | 25 websites |
 Netherlands | 22 websites |
 Spain | 18 websites |
 South Africa | 18 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68072| .com | 616 websites |
| .com.au | 340 websites |
| .co.uk | 43 websites |
| .net | 25 websites |
| .org | 25 websites |
| .it | 24 websites |
| .de | 19 websites |
| .ca | 17 websites |
| .nl | 15 websites |
| .fr | 10 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68072
Top websites that are affected by CVE-2025-68072. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********************.com | United States | ***,*** | |
| *************.**.nz | United States | ***,*** | |
| **************.com | United States | ***,*** | |
| **************.de | Germany | ***,*** | |
| ***********.de | Germany | *,***,*** | |
| ***********************.***.au | Australia | *,***,*** | |
| *************.***.au | Australia | *,***,*** | |
| *************.**.za | South Africa | *,***,*** | |
| **********.it | Italy | *,***,*** | |
| ***********.it | Italy | *,***,*** |
FAQ
A total of 1,308 websites have been identified as vulnerable to CVE-2025-68072, based on global website indexing conducted by WebTechSurvey.
The Easy Property Listings is affected by the CVE-2025-68072 vulnerability.
Easy Property Listings versions up to and including 3.5.17 are vulnerable to CVE-2025-68072.