VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Jul 30, 2025

Realtyna Organic IDX plugin + WPL Real Estate Vulnerabilities

Review known vulnerability records for the WordPress plugin Realtyna Organic IDX plugin + WPL Real Estate (`real-estate-listing-realtyna-wpl`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
3
Linked CVEs
4
Last Updated
Aug 04, 2025
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Realtyna Organic IDX plugin + WPL Real Estate so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
4 records include a published patch path.
Severity Mix
2 critical and 1 high severity finding.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Realtyna Organic IDX plugin + WPL Real Estate

Sorted by latest disclosure date so newly published issues surface first.

Plugin High Patched: Yes CVE-2025-54052
Realtyna Organic IDX plugin <= 5.0.0 - Unauthenticated Local File Inclusion

The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 5.0.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in...

Published
Jul 30, 2025
Patched Release
5.0.1
Affected Versions
Versions up to 5.0.0
Next Step
Update to 5.0.1 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-38736
Realtyna Organic IDX plugin <= 4.14.13 - Authenticated (Admin+) Arbitrary File Upload

The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.14.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

Published
Jul 11, 2024
Patched Release
4.14.14
Affected Versions
Versions up to 4.14.13
Next Step
Update to 4.14.14 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-33924
Realtyna Organic IDX plugin <= 4.14.4 - Reflected Cross-Site Scripting

The Realtyna Organic IDX plugin + WPL Real Estate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

Published
Apr 29, 2024
Patched Release
4.14.8
Affected Versions
Versions up to 4.14.4
Next Step
Update to 4.14.8 or newer if supported.
Open Full Report Open CVE Reference
Plugin Critical Patched: Yes CVE-2024-32128
Realtyna Organic IDX plugin <= 4.14.4 - Unauthenticated SQL Injection

The Realtyna Organic IDX plugin plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 4.14.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauth...

Published
Apr 12, 2024
Patched Release
4.14.8
Affected Versions
Versions up to 4.14.4
Next Step
Update to 4.14.8 or newer if supported.
Open Full Report Open CVE Reference