GCVE - cpe:2.3:a:purethemes:realteo:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:purethemes:realteo:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Purethemes (`6ab5e8f3-e41b-5944-858e-03509e19c868`)
Product	Realteo (`7e98727c-a97f-5a6d-8cdc-5ac2cc1f250f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2232`	vulnerable	2026-06-08 07:16:56.528339	Realteo - Real Estate Plugin by Purethemes <= 1.2.8 - Authentication Bypass via 'do_register_user' CRITICAL (9.8) The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. Published: 2025-03-14T11:15:52.827Z Updated: 2026-04-08T17:14:44.752Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/abe73ecd-1325-4d6d-8545-d27f6116ca43?source=cve https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24238`	vulnerable	2026-06-08 05:30:04.036238	Realteo < 1.2.4 - Arbitrary Property Deletion via IDOR The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter. Published: 2021-04-22T21:00:51.000Z Updated: 2024-08-03T19:21:18.692Z Open on db.gcve.eu Reference links https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/ https://wpscan.com/vulnerability/b8434eb2-f522-484f-9227-5f581e7f48a5 https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Findeo-WordPress-Theme-v1.3.0.txt https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-284%5D-Realteo-WordPress-Plugin-v1.2.3.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24237`	vulnerable	2026-06-08 05:30:04.033827	Realteo < 1.2.4 - Unauthenticated Reflected Cross-Site Scripting (XSS) The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page, leading to an unauthenticated reflected Cross-Site Scripting issue. Published: 2021-04-22T21:00:50.000Z Updated: 2024-08-03T19:21:18.662Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e https://www.docs.purethemes.net/findeo/knowledge-base/changelog-findeo/ https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Findeo-WordPress-Theme-v1.3.0.txt https://m0ze.ru/vulnerability/%5B2021-03-20%5D-%5BWordPress%5D-%5BCWE-79%5D-Realteo-WordPress-Plugin-v1.2.3.txt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.