WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery – Torchsec
Report Title: WordPress Real Estate 7 Theme <= 3.3.4 - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Google Dork: inurl:/wp-content/themes/realestate-7/
Research Date: 2023-02-10
Researcher: FearZzZz [ https://fearzzzz.ru ]
Component Vendor: Contempo Themes [ https://contempothemes.com ]
Vulnerable Version: <= 3.3.4
Component Link: https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778
CVSS Base Score: 6.3 (Medium)
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
OWASP Top 10: A01: 2021 – Broken Access Control
CWE: CWE-352
CVE: TBA
=================================================================================================
#### [ Description: ]
The Real Estate 7 theme for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in versions up to, and including, v3.3.4, because of missing and incorrect nonce validation on several functions. This vulnerability could allow an attacker to trick users into performing an action they didn't intend to perform under their current authentication.
#### [ Impact: ]
Impact of a CSRF vulnerability is related to the privileges of the target user. Depending on the nature of the action, an attacker might be able to change some data or gain full control over the user's account. If the compromised user has a privileged role (administrator, i.e.) within the application, then the attacker can gain full control over the application.
#### [ Proof-of-Concept | Lead Alert Creation: ]
```
```
#### [ Proof-of-Concept | Add Property to Favorites: ]
```
```
#### [ Proof-of-Concept | Remove Property from Favorites: ]
```
```
#### [ Proof-of-Concept | Contact / Information Request: ]
```
```
```
```
#### [ Proof-of-Concept | Lead Alert Deletion: ]
```
```
#### [ Proof-of-Concept | Profile Image Deletion: ]
```
```
#### [ Proof-of-Concept | Broker Logo Deletion: ]
```
```
#### [ Proof-of-Concept | Clear All Favorites: ]
```
```
#### [ Proof-of-Concept | Buyer Profile Update: ]
```
```
#### [ Proof-of-Concept | Agent Profile Update: ]
```
```
#### [ Timeline: ]
2023.02.08 - Real Estate 7 Theme v3.3.4 released.
2023.02.10 - Vulnerability has been discovered.
2023.02.15 - Vendor notified.
2023.02.16 - Chris Robinson responded that the vulnerabilities have been fixed. The release of the new version v3.3.5 is scheduled for March 6.
#### [ Contacts: ]
Website: fearzzzz.ru
Email: fearzzzz@tutanota.com
Twitter: https://twitter.com/fear_zzzz
Medium: https://fearzzzz.medium.com
GitHub: https://github.com/fearzzzz
YouTube: https://youtube.com/@fearzzzz
#### [ Notes: ]
Special thanks to Chris Robinson (Contempo Themes Founder & CEO) for the quick response and for the respectful communication.
#### [ Disclaimer: ]
The information provided in this report is provided "as is" without warranty of any kind. FearZzZz disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall FearZzZz be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if FearZzZz have been advised of the possibility of such damages.
========================================================================== [ www.fearzzzz.ru ] ==
Gloss