CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24656 – WordPress Realtyna Provisioning Plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24656
15 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Provisioning allows Reflected XSS. This issue affects Realtyna Provisioning: from n/a through 1.2.2. The Realtyna Provisioning plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page... • https://patchstack.com/database/wordpress/plugin/realtyna-provisioning/vulnerability/wordpress-realtyna-provisioning-plugin-1-2-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38736 – WordPress Realtyna Organic IDX plugin <= 4.14.13 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-38736
11 Jul 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Realtyna Realtyna Organic IDX plugin allows Code Injection.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.13. The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.14.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may m... • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-4-14-13-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33924 – WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33924
29 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en el complemento Realtyna Realtyna Organic IDX permite Reflected XSS. Este problema afecta al complemento Realtyna Organic IDX: desde n/a hasta 4.14.4. The... • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32128 – WordPress Realtyna Organic IDX plugin + WPL Real Estate plugin <= 4.14.4 - Unauthenticated SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32128
12 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en el complemento Realtyna Realtyna Organic IDX. Este problema afecta al complemento Realtyna Organic IDX: desde n/a hasta 4.14.4. The Realtyna Organic IDX plugin plugin for WordPress ... • https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-unauthenticated-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 3%CPEs: 1EXPL: 2CVE-2015-7714 – Joomla! Component Realtyna RPL 8.9.2 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2015-7714
23 Oct 2015 — Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php. Múltiples inyecciones SQL en el componente Realtyna RPL (com_rpl) en versiones anteriores a la 8.9.5 para Joomla! permiten que administradore... • https://packetstorm.news/files/id/134066 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2015-7715 – Joomla! Component Realtyna RPL 8.9.2 - Persistent Cross-Site Scripting / Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-7715
23 Oct 2015 — Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el componente Realtyna RPL (com_rpl) en versiones anteriores a la 8.9.5 para Joomla! permite que atacantes remotos secuestren la autenticación de administradores para peticiones que añadan un u... • https://packetstorm.news/files/id/134067 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 4CVE-2010-2682 – Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-2682
09 Jul 2010 — Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Realtyna Translator (com_realtyna) v1.0.15 para Joomla!, permite a atacantes remotos leer ficheros arbitrarios y tener posiblemente otro tipo de impacto no especificado al utilizar caracteres .. • https://www.exploit-db.com/exploits/14017 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 12%CPEs: 20EXPL: 3CVE-2010-1307 – Joomla! Component Magic Updater - Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-1307
08 Apr 2010 — Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Vulnerabilidad de salto de directorio en el componente Magic Updater (com_joomlaupdater) para Joomla! permite a atacantes remotos leer archivos de su elección a través de .. • https://www.exploit-db.com/exploits/12070 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •