cbcvebase.
CVE-2024-32128
published 2024-04-15

Priority: P2 (66)
Severity: critical, 9.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
EXPLOIT
EPSS: 1.72% (74.6th percentile)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4.

Affected

1 ranges
Vendor: realtyna
Product: realtyna_organic_idx_plugin
Version range: n/a – 4.14.4
Fixed in: -

Detection & IOCs (extracted from sources)

sigma
title: WordPress Realtyna Organic IDX Plugin SQLi
condition:
  - 'status_code == 200'
  - 'contains(body, "\"success\":1") || contains(body, "\"total\":")'
condition: and
  • Successful SQL injection responses from the Realtyna Organic IDX plugin return HTTP 200 with a JSON body containing either '"success":1' or '"total":' — monitor for these patterns in responses to plugin endpoints.
  • Vulnerability affects Realtyna Organic IDX plugin versions from n/a through 4.14.4; ensure detection rules are scoped to requests targeting this plugin's endpoints.