What the vulnerability does
01Description
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in Realtyna Organic IDX plugin <= 5.1.0 versions.
Explanation of Vulnerability in Simple Terms
The Realtyna Organic IDX plugin through version 5.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to query the site's database directly. An attacker can extract sensitive data including user credentials, configuration details, and other stored information. The vulnerability requires no user interaction and can be exploited over the network.
What an attacker can do
Extract sensitive data from the site's database, including user credentials and configuration details.
Potential impact on your site
Attackers can read all database contents without logging in, exposing user data and site configuration.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities