Vulnerability Description
The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Purethemes | Findeo | < 1.3.1 |
| Purethemes | Realteo | < 1.2.4 |
Related Weaknesses (CWE)
References
- https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Find
- https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Real
- https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1eExploitThird Party Advisory
- https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/Release NotesVendor Advisory
- https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Find
- https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Real
- https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1eExploitThird Party Advisory
- https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/Release NotesVendor Advisory
FAQ
What is CVE-2021-24237?
CVE-2021-24237 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its ...
How severe is CVE-2021-24237?
CVE-2021-24237 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24237?
Check the references section above for vendor advisories and patch information. Affected products include: Purethemes Findeo, Purethemes Realteo.