Themes Vulnerabilities

Real Estate 7 < 2.9.1 - Stored XSS & IDOR

Description

The 'Real Estate 7' premium WordPress theme is vulnerable to persistent (stored) XSS, allowing an attacker to inject JavaScript or HTML that is rendered on the website front-end. There is also an Insecure Direct Object Reference (IDOR) issue, allowing unauthorized users to edit listings they should not have access to.

Demo Website:
- Frontend: https://contempothemes.com/wp-real-estate-7/multi-demo/
- Backend: https://contempothemes.com/wp-real-estate-7/multi-demo/dashboard/
- Login / Password: m0ze / asdasd (or register a new account)
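The two controls whose absence produces the issues described above are an ownership check on the listing being edited (IDOR) and sanitization/escaping of listing fields (stored XSS). The following is an added illustration of a hardened edit handler written against the standard WordPress API; it is not code from the Real Estate 7 theme, and the hook name, field names and function names are assumed placeholders.

```php
<?php
// Added illustration, not code from the Real Estate 7 theme.
// Hook name 're7_listing_edit' and the field names are assumed placeholders.

add_action( 'admin_post_example_listing_edit', 'example_handle_listing_edit' );

function example_handle_listing_edit() {
    if ( ! is_user_logged_in() ) {
        wp_die( 'Login required', '', array( 'response' => 403 ) );
    }

    // CSRF protection: the form must carry a valid nonce for this action.
    check_admin_referer( 'example_edit_listing' );

    // The listing id comes from the request and is untrusted.
    $listing_id = isset( $_POST['listing_id'] ) ? absint( $_POST['listing_id'] ) : 0;
    $listing    = get_post( $listing_id );

    // Authorization (the IDOR fix): verify the caller may edit *this* post.
    // 'edit_post' resolves to edit_others_posts for posts the user does not own,
    // so a logged-in user cannot edit another user's listing just by changing the id.
    if ( ! $listing || ! current_user_can( 'edit_post', $listing_id ) ) {
        wp_die( 'Not allowed', '', array( 'response' => 403 ) );
    }

    // Sanitize on input (the stored XSS fix): plain text for the title,
    // wp_kses_post() for rich text, which strips <script> and on* handlers.
    $title   = sanitize_text_field( wp_unslash( $_POST['listing_title'] ?? '' ) );
    $content = wp_kses_post( wp_unslash( $_POST['listing_description'] ?? '' ) );

    wp_update_post( array(
        'ID'           => $listing_id,
        'post_title'   => $title,
        'post_content' => $content,
    ) );

    wp_safe_redirect( get_permalink( $listing_id ) );
    exit;
}

// Escape on output as well, independent of what was stored: any template
// that prints listing data should go through esc_html()/esc_attr().
function example_render_listing_title( $listing_id ) {
    return '<h2>' . esc_html( get_the_title( $listing_id ) ) . '</h2>';
}
```

The check to look for when auditing a front-end dashboard like this one is whether the edit path validates ownership of the specific listing id (`current_user_can( 'edit_post', $id )` or an equivalent author comparison) rather than only that a session exists, and whether every field echoed into a page is escaped at output time.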

Proof of Concept

Affects Themes

Fixed in 2.9.1

References

Miscellaneous

Original Researcher
m0ze
Submitter
m0ze
Submitter twitter
Verified
Yes

Timeline

Publicly Published
2019-07-29
Added
2019-08-03
Last Updated
2021-01-19

Other