CVE-2019-25742

WordPress Theme Zoner Real Estate 4.1.1 Persistent XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when creating properties. Attackers can inject JavaScript payloads in the property creation form that execute when administrators view the property for approval, enabling cookie theft and session hijacking.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Fruitfulcode · Zoner Real Estate

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/47436unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://fruitfulcode.com/https://themeforest.net/item/zoner-real-estate-wordpress-theme/9099226 https://www.exploit-db.com/exploits/47436 https://www.vulncheck.com/advisories/wordpress-theme-zoner-real-estate-persistent-xss