WordPress Real Estate 7 Theme <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2022-47146

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Real Estate 7 WordPress
Vendor: CVE Published:; 27 March 2023

Summary

The Contempoinc Real Estate 7 WordPress theme has a vulnerability that allows attackers to exploit unauthenticated reflected Cross-Site Scripting (XSS). This can potentially enable malicious actors to execute scripts in users' browsers by tricking them into clicking a crafted link. Affected users are encouraged to update to the latest version to mitigate this risk.

Affected Version(s)

Real Estate 7 WordPress <= 3.3.1

References

https://patchstack.com/database/vulnerability/realestate-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Dec 12, 2022

Credit

FearZzZz (Patchstack Alliance)