Real Estate 7 < 2.9.5 - Multiple Vulnerabilities



Description
Multiple vulnerabilities were discovered in the «Real Estate 7 WordPress» theme, tested version v2.9.4:

- Unauthenticated Reflected XSS
- Authenticated Persistent XSS
- Authenticated Persistent Self-XSS
- IDOR
- Information Exposure


Edit (WPScanTeam):
January 12th - Report Received & Envato Contacted
January 13th - Envato Investigating
January 13th - v2.9.5 released, fixing the issues

Proof of Concept

The PoC will be displayed on January 28, 2020, to give users the time to update.

Affects Theme

fixed in version 2.9.5

References

URL https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
URL https://contempothemes.com/wp-real-estate-7/changelog/

Classification

Type MULTI

Miscellaneous

Original Researcher m0ze
Submitter m0ze
Submitter Twitter m0ze_ru
Views 1516
Verified No
WPVDB ID 10024

Timeline

Publicly Published 2020-01-14 (9 days ago)
Added 2020-01-14 (8 days ago)
Last Updated 2020-01-20 (2 days ago)
