20 matches found
EUVD-2025-13394
Malicious code in bioql PyPI...
EUVD-2025-12131
Malicious code in bioql PyPI...
CVE-2025-3609
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3610
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...
CVE-2025-3609
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609 Reales WP STPT <= 2.1.2 - Unauthorized User Registration
The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. This is due to the 'reales_user_signup_form' AJAX action not verifying if user registration is enabled, prior to registering a user. This makes it possible for...
CVE-2025-3609
CVE-2025-3609: Reales WP STPT for WordPress allows unauthenticated user registration via the reales_user_signup_form AJAX action in all versions up to 2.1.2, due to a missing check on whether user registration is enabled. Root cause is the action not verifying the registration state before creati...
CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...
CVE-2025-3610 Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update
The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it possible for authenticat...
PT-2025-19823 · WordPress · Reales Wp Stpt
Name of the Vulnerable Software and Affected Versions: Reales WP STPT plugin for WordPress versions up to and including 2.1.2. Description: The issue allows unauthorized user registration due to the 'reales user signup form' AJAX action not checking if user registration is enabled before registeri...
WordPress plugin Reales WP STPT security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Reales WP STPT plugin <= 2.1.2 - Unauthorized User Registration vulnerability
Unauthorized User Registration vulnerability discovered by Foxyyy in WordPress Plugin Reales WP STPT versions <= 2.1.2...
CVE-2024-13307
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
CVE-2024-13307 Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates
The Reales WP - Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'realesdeletefile', 'realesdeletefileplans', 'realesaddtofavourites', and 'realesremovefromfavourites' functions in all versions up...
CVE-2024-13307
CVE-2024-13307 concerns the Reales WP Real Estate WordPress Theme (versions
PT-2025-17707 · WordPress · The Reales Wp
Name of the Vulnerable Software and Affected Versions: The Reales WP - Real Estate WordPress Theme versions up to, and including, 2.1.2. Description: The issue allows unauthorized modification and loss of data due to a missing capability check on the reales delete file, reales delete file plans,...
WordPress Reales WP theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability
Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates vulnerability discovered by Lucio Sá in WordPress Theme Reales WP versions <= 2.1.2...
WordPress Reales WP Theme <= 2.1.2 is vulnerable to Broken Access Control
Software: Reales WP; Type: Theme; Vulnerable versions: <= 2.1.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-13307; Patch priority: Low; CVSS severity: Low 5.3; PSID: 235c47c33cda; Credits: Lucio Sá; Required privilege...