Themes Vulnerabilities

Real Estate 7 < 3.0.4 - Unauthenticated Reflected XSS

Description

An Unauthenticated Reflected XSS vulnerability was discovered in the Real Estate 7 theme v3.0.2 and v3.0.3 for WordPress.

Proof of Concept

Affects Themes

realestate-7
Fixed in 3.0.4

References

URL
https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Vlad Vector
Submitter
VLΛD VΞCTOR
Submitter website
https://vladvector.ru
Submitter twitter
vlad_vector
Verified
Yes
WPVDB ID
5cd5a058-15db-4952-95d3-c335099e6cfc

Timeline

Publicly Published
2020-07-27 (about 5 years ago)
Added
2020-07-27 (about 5 years ago)
Last Updated
2020-07-28 (about 5 years ago)

Other

Published
Title
Published
2022-12-14
Title
Swifty Page Manager <= 3.0.1 - Admin+ Stored XSS
Published
2026-02-27
Title
UberSlider Ultra <= 2.3 - Reflected Cross-Site Scripting
Published
2024-04-15
Title
Shortcodes and extra features for Phlox theme < 2.15.8 - Contributor+ Stored XSS via title_tag
Published
2025-02-03
Title
Simple Select All Text Box <= 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-05-18
Title
Baidu Tongji generator <= 1.0.2 - Admin+ Stored XSS