WordPress Plugin Vulnerabilities

Essential Real Estate <= 1.7.1 - XSS

Description

Multiple XSS across the plugin

Proof of Concept

Affects Plugins

Plugin icon
essential-real-estate
Fixed in 1.7.2

References

URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2116720%40essential-real-estate&old=2076136%40essential-real-estate

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
11ecbc2c-25c5-4fe0-8d6b-a1d12c47b31b

Timeline

Publicly Published
2019-06-29 (about 6 years ago)
Added
2019-07-04 (about 6 years ago)
Last Updated
2019-07-04 (about 6 years ago)

Other

Published
Title
Published
2025-04-11
Title
Additional Custom Product Tabs for WooCommerce < 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-08-01
Title
WP-PostRatings < 1.91.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-06-14
Title
WooCommerce Menu Cart < 2.12.0 - Reflected Cross-Site Scripting
Published
2024-02-09
Title
Insert PHP Code Snippet < 1.3.5 - Admin+ Stored XSS
Published
2024-11-08
Title
The Pack Elementor addons < 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting