.. / CVE-2022-3933

Exploit for WordPress Essential Real Estate <3.9.6 - Authenticated Cross-Site Scripting (CVE-2022-3933)

Description:

WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.

Nuclei Template

View the template here CVE-2022-3933.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-3933.yaml
Copy

References:

https://github.com/ARPSyndicate/cvemon
https://wordpress.org/plugins/essential-real-estate/advanced/
https://github.com/cyllective/CVEs
https://nvd.nist.gov/vuln/detail/CVE-2022-3933
https://wpscan.com/vulnerability/6395f3f1-5cdf-4c55-920c-accc0201baf4