32 matches found
WordPress Realteo <=1.2.3 - Cross-Site Scripting
WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page. id: CVE-2021-24237 info: name:...
EUVD-2021-11152
Malware in sbrugna...
EUVD-2025-6416
Malicious code in bioql PyPI...
CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-24238
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232 Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user'
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'doregisteruser' function. This makes it possible for...
CVE-2025-2232
CVE-2025-2232 affects Realteo - Real Estate Plugin for WordPress (Purethemes) up to version 1.2.8. The issue is an authentication bypass via do_register_user, enabling unauthenticated registration with Administrator role. CVSSv3.1 base score is 9.8 (Network, Privileges=None, User Interaction=None...
WordPress Realteo plugin <= 1.2.8 - Authentication Bypass via 'do_register_user' vulnerability
Authentication Bypass via 'doregisteruser' vulnerability discovered by Tonn in WordPress Plugin Realteo versions = 1.2.8...
WordPress plugin Realteo 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Access Control Error Vulnerability (CNVD-2021-44310)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An Access Control Error vulnerability exists in Realteo WordPress plugin versions prior to 1.2.4,...
CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
CVE-2021-24238
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter...
CVE-2021-24238
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter...
CVE-2021-24237
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...
Design/Logic Flaw
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the propertyid parameter...
Cross site scripting
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keywordsearch, searchradius. bedrooms and bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue...