Plugin Details
Plugin Name: wp-plugin : clicksold-wordpress-plugin
Affected Version : 1.48 (and most probably lower versions, if any)
Vulnerability : Cross-Site Scripting (XSS)
Identified by : anantshri
Technical Details
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
http://localhost/wp-content/plugins/clicksold-wordpress-plugin/cs_listing_404_page_editor.php?id=id'><script>alert(document.cookie)</script>&
Vulnerable Parameter : id
Fixed Version : 1.49
Type of XSS : Reflected
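
An added illustration of the output-encoding fix for this class of bug; it is not code from the ClickSold plugin or from its 1.49 update. It assumes, from the `'>` prefix of the PoC value, that `id` is echoed into a single-quoted HTML attribute; the `<input>` template and the encoder labels are hypothetical.

```php
<?php
// Added example: hypothetical template, not the plugin's source.
// Constructed input: the `id` value from the PoC URL above.
$id = "id'><script>alert(document.cookie)</script>";

// Three ways a request value might be prepared before being echoed.
$encoders = [
    // Vulnerable pattern: the value is echoed unchanged.
    'none' => function (string $v): string {
        return $v;
    },
    // Incomplete fix: ENT_COMPAT encodes < > & " but leaves ' alone,
    // so the value can still end a single-quoted attribute.
    // (ENT_COMPAT was the default flag set before PHP 8.1.)
    'ENT_COMPAT' => function (string $v): string {
        return htmlspecialchars($v, ENT_COMPAT, 'UTF-8');
    },
    // Hardened: both quote styles are encoded, so the value cannot
    // leave the attribute whichever delimiter the template uses.
    'ENT_QUOTES' => function (string $v): string {
        return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    },
];

foreach ($encoders as $label => $encode) {
    $value = $encode($id);

    // Hypothetical sink: a single-quoted attribute, as the PoC implies.
    $html = "<input type='hidden' name='id' value='" . $value . "'>";

    // A raw quote in the encoded value closes the attribute early;
    // a raw "<script" means a tag reached the page as markup.
    $quoteSurvives  = strpos($value, "'") !== false;
    $scriptSurvives = stripos($value, '<script') !== false;

    printf(
        "%-10s attribute_breakout=%-3s script_tag=%-3s\n  %s\n",
        $label,
        $quoteSurvives ? 'yes' : 'no',
        $scriptSurvives ? 'yes' : 'no',
        $html
    );
}
```

Inside WordPress, `esc_attr()` is the usual helper for attribute context and encodes both quote styles.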
Disclosure Timeline
Vendor Contacted : 2014-01-04
Plugin Status : Updated on 2014-01-11
Public Disclosure : July 7, 2014
CVE Number :
Plugin Description :
ClickSold adds real estate related features to Agent and Brokerage websites built on WordPress. Features include:
* Adding / Displaying real estate listings
* Adding Team members / office agents
* Customizable real estate widgets
* Optional MLS® Integration
* Mobile listing browsing and searching
* Search Engine Optimized design
**See ClickSold in Action**
* Responsive Design: [Eleven40 Theme](http://eleven40demo.clicksold.com/)
* Gorgeous IDX Search: [Associate Theme](http://associatedemo.clicksold.com/mls-search/)
**How Much?**
From FREE to $45/month.
**Work with REALTORS®?**
Sign up to become a ClickSold Affiliate and earn revenue from every Silver, Gold or Platinum ClickSold plugin you use.
* ClickSold Affiliate Program: [Click Here](http://www.clicksold.com/affiliate-program/)
* Our Existing Affiliates: [Click Here](http://www.clicksold.com/our-affiliates/)