CVE-2021-24237

CVE-2021-24237: Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Vendor Purethemes
Product Realteo
Weakness CWE-79 · XSS
Published April 22, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Key dates

02Disclosure timeline

April 22, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE