CVE-2021-24387

CVE-2021-24387: Real Estate 7 < 3.1.1 - Reflected Cross-Site Scripting (XSS)

Vendor Contempoinc
Product WP Pro Real Estate 7
Weakness CWE-79 · XSS
Published July 6, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting which can be triggered in both unauthenticated or authenticated user context

Key dates

02Disclosure timeline

July 6, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-24558 WordPress ABG Rich Pins plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-4415 Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058 CVE-2025-22497 WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability CVE-2019-16025 Cisco Emergency Responder Stored Cross-Site Scripting Vulnerability CVE-2024-6006 ZKTeco ZKBio CVSecurity V5000 Summer Schedule cross site scripting