Exploit Title : WordPress plugin 'Realia' (real estate solution) multiple XSS Vulnerability
Author : WICS
Date : 03/06/2016
Software Link : https://wordpress.org/plugins/realia/
Tested Version: 0.8.5

Overview:

Realia is a WordPress plugin that provides real estate functionality such as property search and sale. Its property search form is vulnerable to cross-site scripting.

The templates inside the directory realia\templates\widgets\filter-fields display the search form on the user end. These scripts do not encode user-supplied data in GET variables before printing it to the search page, which causes the XSS vulnerability.

For example, in id.php, lines 7 to 9, the input text field code is given below:

placeholder="" value=""

On line 9, the value of the GET variable filter-id is passed directly into the output, with no XSS filter to clean the data, which results in XSS.

POC

http://127.0.0.1/wordpress/properties/?filter-contract=RENT&filter-id=">&filter-location=&filter-property-type=&filter-amenity=&filter-status=&filter-contract=&filter-material=&filter-price-from=1337'&filter-price-to=&filter-rooms=&filter-baths=&rent_filter-beds=&filter-year-built=&filter-home-area-from=&filter-home-area-to=&filter-lot-area-from=&filter-lot-area-to=&filter-garages=
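
The unencoded output pattern described above next to an encoded version, as an added example that is not the plugin's own code. The function names and sample values are hypothetical, and htmlspecialchars() stands in for WordPress's esc_attr() so the file runs without WordPress loaded.

```php
<?php
// Constructed stand-in for a filter-field template such as id.php;
// function names are hypothetical, not taken from the plugin.

// Pattern described in the advisory: the raw GET value is printed into value="".
function example_field_unsafe(array $get, string $name): string
{
    $value = isset($get[$name]) ? $get[$name] : '';
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encoded version: escape for the HTML attribute context at output time.
// Within WordPress, esc_attr() is the usual call; htmlspecialchars() is used
// here so the example runs stand-alone.
function example_field_safe(array $get, string $name): string
{
    $raw = isset($get[$name]) ? $get[$name] : '';
    // ?filter-id[]=x arrives as an array; treat anything non-string as empty.
    $value = is_string($raw) ? $raw : '';
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="text" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($value, $flags, 'UTF-8') . '">';
}

// Constructed sample request: a quote and markup characters in two filter fields.
$sample = [
    'filter-id'         => '12"><b>breakout</b>',
    'filter-price-from' => "1337'",
];

foreach (array_keys($sample) as $field) {
    echo example_field_unsafe($sample, $field), PHP_EOL;
    echo example_field_safe($sample, $field), PHP_EOL;
}
```

In each printed pair, the second line carries the quotes and angle brackets as HTML entities, so the submitted value stays inside the value attribute.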