CVE-2021-24237

Name of the Vulnerable Software and Affected Versions Realteo WordPress plugin versions prior to 1.2.4

Description The issue is related to an unauthenticated reflected Cross-Site Scripting problem. It occurs because the keyword search, search radius, bedrooms, and bathrooms GET parameters are not properly sanitized before being outputted in the properties page. This allows for malicious scripts to be injected and executed.

Recommendations For Realteo WordPress plugin versions prior to 1.2.4, update to version 1.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the properties page or sanitizing the keyword search, search radius, bedrooms, and bathrooms parameters to minimize the risk of exploitation.