wp-plugin : clicksold-wordpress-plugin – A3-Cross-Site Scripting (XSS)


Plugin Details


Plugin Name : clicksold-wordpress-plugin


Affected Version : 1.48 (and most probably lower versions, if any)

Vulnerability : A3-Cross-Site Scripting (XSS)
Identified by : Anant Shrivastava



Technical Details


Minimum Level of Access Required : Unauthenticated


PoC - (Proof of Concept) :



Vulnerable Parameter : id


Fixed Version : 1.49


Type of XSS : Reflected


Trac Changelog : https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=834036%40clicksold-wordpress-plugin&old=820059%40clicksold-wordpress-plugin&sfp_email=&sfph_mail=#file2


Disclosure Timeline


Vendor Contacted : 2014-01-04

Plugin Status : Updated on 2014-01-11
Public Disclosure : July 7, 2014
CVE Number : Not assigned yet

Plugin Description :
ClickSold adds real estate related features to Agent and Brokerage websites built on WordPress. Features include:

* Adding / Displaying real estate listings
* Adding Team members / office agents
* Customizable real estate widgets
* Optional MLS® Integration
* Mobile listing browsing and searching
* Search Engine Optimized design

**See ClickSold in Action**

* Responsive Design: [Eleven40 Theme](http://eleven40demo.clicksold.com/)
* Gorgeous IDX Search: [Associate Theme](http://associatedemo.clicksold.com/mls-search/)

**How Much?**

From FREE to $45/month.

**Work with REALTORS®?**

Sign up to become a ClickSold Affiliate and earn revenue from every Silver, Gold or Platinum ClickSold plugin you use.

* ClickSold Affiliate Program: [Click Here](http://www.clicksold.com/affiliate-program/)
* Our Existing Affiliates: [Click Here](http://www.clicksold.com/our-affiliates/)
