Skip to main content

Realtyna Organic Idx Plugin

2 CVEs product

Monthly

CVE-2026-57811 CRITICAL Act Now

Remote code injection in the Realtyna Organic IDX WordPress plugin (real-estate-listing-realtyna-wpl) affects all versions up to and including 5.2.0, allowing remote attackers to inject and execute arbitrary code (described as 'Remote Code Inclusion') against affected WordPress sites. Patchstack assigned a maximum CVSS 3.1 base score of 10.0 with an unauthenticated network vector and scope change, indicating full compromise of the host. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Code Injection RCE Realtyna Organic Idx Plugin
NVD
CVSS 3.1
10.0
EPSS
0.6%
CVE-2026-45439 CRITICAL Act Now

Unauthenticated SQL injection in Realtyna Organic IDX WordPress plugin (versions 5.1.0 and earlier) allows remote attackers to inject arbitrary SQL into backend queries without credentials. The flaw carries a CVSS 3.1 score of 9.3 with a scope change, indicating impact beyond the plugin's own data boundary, though no public exploit identified at time of analysis. The vulnerability was disclosed via Patchstack and affects WordPress sites running this real-estate listing plugin.

SQLi Realtyna Organic Idx Plugin
NVD
CVSS 3.1
9.3
EPSS
0.3%
EPSS 1% CVSS 10.0
CRITICAL Act Now

Remote code injection in the Realtyna Organic IDX WordPress plugin (real-estate-listing-realtyna-wpl) affects all versions up to and including 5.2.0, allowing remote attackers to inject and execute arbitrary code (described as 'Remote Code Inclusion') against affected WordPress sites. Patchstack assigned a maximum CVSS 3.1 base score of 10.0 with an unauthenticated network vector and scope change, indicating full compromise of the host. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV.

Code Injection RCE Realtyna Organic Idx Plugin
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in Realtyna Organic IDX WordPress plugin (versions 5.1.0 and earlier) allows remote attackers to inject arbitrary SQL into backend queries without credentials. The flaw carries a CVSS 3.1 score of 9.3 with a scope change, indicating impact beyond the plugin's own data boundary, though no public exploit identified at time of analysis. The vulnerability was disclosed via Patchstack and affects WordPress sites running this real-estate listing plugin.

SQLi Realtyna Organic Idx Plugin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy