15 matches found
EUVD-2021-11152
Malware in sbrugna...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
CVE-2025-2232 affects Realteo - Real Estate Plugin for WordPress (Purethemes) up to version 1.2.8. The issue is an authentication bypass via do_register_user, enabling unauthenticated registration with Administrator role. CVSSv3.1 base score is 9.8 (Network, Privileges=None, User Interaction=None...
WordPress Realteo plugin <= 1.2.8 - Authentication Bypass via 'do_register_user' vulnerability
Authentication Bypass via 'doregisteruser' vulnerability discovered by Tonn in WordPress Plugin Realteo versions = 1.2.8...
WordPress plugin Realteo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Access Control Error Vulnerability (CNVD-2021-44310)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in Realteo WordPress plugin versions prior to 1.2.4,...
CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
Cross site scripting
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
WordPress 访问控制错误漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in Realteo WordPress plugin versions prior to 1.2.4,...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin Realteo prior to version 1.2.4, whic...
Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR
The plugin, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter. PoC GET...