CVE-2022-3933

Name of the Vulnerable Software and Affected Versions Essential Real Estate WordPress plugin versions prior to 3.9.6

Description The issue is related to the lack of sanitization and escaping of some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks. This vulnerability may enable a remote attacker to conduct an XSS attack by exploiting the insufficient protection of the web page structure.

Recommendations For versions prior to 3.9.6, update to version 3.9.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive parameters and ensuring proper input validation to minimize the risk of exploitation.