CVE-2021-24387: 
WordPress vulnerability analysis and mitigation

The WP Pro Real Estate 7 WordPress theme before version 3.1.1 contained a reflected Cross-Site Scripting (XSS) vulnerability identified as CVE-2021-24387. The vulnerability was discovered in January 2021 and publicly disclosed in June 2021. The issue affected the theme's search listing page functionality (WPScan).

The vulnerability stemmed from improper sanitization of the ct_community parameter in the theme's search listing page. When this parameter was processed, its value was output back without proper sanitization, enabling both authenticated and unauthenticated users to inject malicious scripts. The vulnerability received a CVSS score of 7.1 (high severity) and was classified under CWE-79 (WPScan).

This vulnerability could allow attackers to execute arbitrary JavaScript code in users' browsers when they visit the affected search listing page. Since the XSS was reflected and could be triggered by both authenticated and unauthenticated users, it posed a significant risk to site visitors (WPScan).

The vulnerability was patched in version 3.1.1 of the WP Pro Real Estate 7 theme. Users were advised to update to this version or later to protect against potential XSS attacks (Contempo Changelog).