16 matches found
WordPress Realteo <=1.2.3 - Cross-Site Scripting
WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the keyword_search, search_radius, _bedrooms and _bathrooms GET parameters before outputting them in its properties page. id: CVE-2021-24237 info: name:...
EUVD-2026-15744
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS. This issue affects Listeo Core: from n/a through <= 2.0.21...
CVE-2026-25461
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes Listeo Core listeo-core allows Reflected XSS. This issue affects Listeo Core: from n/a through <= 2.0.21...
CVE-2025-67959
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout workscout allows Reflected XSS. This issue affects WorkScout: from n/a through <= 4.1.07...
PT-2026-4039
Name of the Vulnerable Software and Affected Versions: purethemes WorkScout versions through 4.1.07. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-site Scripting (XSS) condition. This allows an attacker to...
PT-2026-4040
Name of the Vulnerable Software and Affected Versions: purethemes WorkScout-Core versions through 1.7.06. Description: The software contains a flaw related to improper input handling during web page creation, specifically a Reflected Cross-Site Scripting (XSS) issue. This allows for the injection of...
PT-2026-1907
Name of the Vulnerable Software and Affected Versions: purethemes Listeo Core versions prior to 2.0.19. Description: The software contains a flaw related to improper input handling during web page generation, specifically a Reflected Cross-site Scripting (XSS) issue. This allows for the injection of...
EUVD-2025-35434
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS. This issue affects WorkScout-Core: from n/a through 1.7.06...
CVE-2025-59571
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS. This issue affects WorkScout-Core: from n/a through 1.7.06...
EUVD-2025-30477
Malicious code in bioql PyPI...
CVE-2025-59572
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through 1.7.06...
CVE-2025-59572
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Cross Site Request Forgery. This issue affects WorkScout-Core: from n/a through 1.7.06...
PT-2025-39046
Name of the Vulnerable Software and Affected Versions: WorkScout-Core versions not specified. Description: A Cross-Site Request Forgery (CSRF) issue exists in purethemes WorkScout-Core, allowing attackers to perform actions on behalf of authenticated users. This can be exploited by tricking a user int...
PT-2025-35038
Name of the Vulnerable Software and Affected Versions: Listeo-Core versions through 1.9.32. Description: Listeo-Core is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential SQL Injection attacks. Recommendations:...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for...