CVE-2021-24387

Name of the Vulnerable Software and Affected Versions WP Pro Real Estate 7 versions prior to 3.1.1

Description The issue is related to a reflected Cross-Site Scripting problem. It occurs because the ct community parameter in the search listing page is not properly sanitized before being outputted. This can be triggered by both unauthenticated and authenticated users.

Recommendations For WP Pro Real Estate 7 versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the search listing page or sanitizing the ct community parameter to minimize the risk of exploitation.