CVE-2024-32128
Published 2024-04-15
Priority P266, critical, 9.3 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
EXPLOIT
EPSS: 1.72% (74.6th percentile)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Realtyna Realtyna Organic IDX plugin. This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realtyna | realtyna_organic_idx_plugin | n/a – 4.14.4 | — |
Detection & IOCs
sigma
title: WordPress Realtyna Organic IDX Plugin SQLi
condition:
  - 'status_code == 200'
  - 'contains(body, "\"success\":1") || contains(body, "\"total\":")'
condition: and
- Successful SQL injection responses from the Realtyna Organic IDX plugin return HTTP 200 with a JSON body containing either '"success":1' or '"total":'; monitor for these patterns in responses to plugin endpoints.
- Vulnerability affects Realtyna Organic IDX plugin versions from n/a through 4.14.4; ensure detection rules are scoped to requests targeting this plugin's endpoints.
No detection rules found.
Nuclei
WordPress Realtyna Organic IDX Plugin <= 4.14.4 - Unauthenticated SQL Injection
nuclei·CVSS 9.3
CVE-2024-32128 [CRITICAL] WordPress Realtyna Organic IDX Plugin <= 4.14.4 - Unauthenticated SQL Injection
WordPress Realtyna Organic IDX Plugin =6'
- 'status_code == 200'
- 'contains(body, "\"success\":1") || contains(body, "\"total\":")'
condition: and
# digest: 490a0046304402200b3c851123eef9d1a10a07382ef58ab3587efa90b57c09dd472b4d1438495adb022029a07e8c5a084c0b222cad02a34bd5cc044f0678039a4ff64c86de9d2d74ca41:922c64590222798bb761d5b6d8e72950
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/real-estate-listing-realtyna-wpl/wordpress-realtyna-organic-idx-plugin-wpl-real-estate-plugin-4-14-4-unauthenticated-sql-injection-vulnerability?_s_id=cve
2024-04-15
Published