PT-2025-2125 · WordPress · Essential Real Estate
Hassan Khan Yusufzai
+1
·
Published
2025-02-03
·
Updated
2025-02-06
·
CVE-2024-13347
CVSS v3.1
6.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Essential WP Real Estate WordPress plugin versions 1.1.3 and earlier
Description
The issue is related to Reflected Cross-Site Scripting, where generated URLs are not properly escaped before being outputted in attributes. This can lead to malicious scripts being executed.
Recommendations
For Essential WP Real Estate WordPress plugin versions 1.1.3 and earlier, consider disabling the plugin until a patch is available to prevent Reflected Cross-Site Scripting attacks.
Restrict access to attributes that may contain generated URLs to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Essential Real Estate