Does Apimo Connector have any unpatched vulnerabilities?

Yes — Apimo Connector currently has 2 unpatched vulnerabilities. We recommend switching to an alternative or applying any available workarounds.

Is Apimo Connector compatible with WordPress 6.7.5?

According to WordPress.org data, Apimo Connector 2.6.5.1 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

How often is Apimo Connector updated?

Apimo Connector was last updated on Mar 12, 2026. Frequent updates are generally a positive security signal.

What is Apimo Connector's security score?

Apimo Connector has a WP-Safety security score of 56/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Apimo Connector Security & Risk Analysis

wordpress.org/plugins/apimo

Are you a real estate agent or broker looking for a way to streamline your business operations? Look no further! Our plugin is here to help.

100 active installs v2.6.5.1 PHP + WP + Updated Mar 12, 2026

clientsleadslistingsproperty-managementreal-estate

C · Use Caution

CVEs total2

Unpatched2

Last CVEJan 3, 2026

Download

Safety Verdict

Is Apimo Connector Safe to Use in 2026?

Use With Caution

Score 56/100

Apimo Connector has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs 2 unpatched Last CVE: Jan 3, 2026Updated 22d ago

Risk Assessment

The 'apimo' plugin v2.6.5.1 presents a mixed security posture with several concerning findings despite some good practices. While it demonstrates a high percentage of prepared SQL statements and properly escaped outputs, the presence of multiple unprotected AJAX handlers and unsanitized path taint flows are significant risks. The fact that 4 out of 14 entry points lack authentication checks directly exposes functionality to potential abuse by unauthenticated users. Furthermore, the taint analysis reveals 2 high-severity flows with unsanitized paths, indicating potential for injection vulnerabilities if these paths are exploited.

The plugin's vulnerability history, with two known medium-severity CVEs, both currently unpatched, and a recent one in early 2026, suggests a pattern of developing vulnerabilities that are not promptly addressed. The common types of past vulnerabilities, Missing Authorization and CSRF, align with the current findings of unprotected AJAX handlers. The presence of 'unserialize' as a dangerous function, while not explicitly linked to a taint flow in the provided data, is a known risk factor that should be monitored.

In conclusion, while 'apimo' exhibits some solid security coding habits, the identified unprotected entry points, high-severity taint flows, and unpatched past vulnerabilities create a notable risk. Users should be cautious and prioritize patching any known vulnerabilities. The high number of dangerous functions and the ongoing discovery of vulnerabilities warrant careful review and potential mitigation strategies.

Key Concerns

Unprotected AJAX handlers detected
High severity unsanitized path taint flows
Unpatched CVEs detected (2 medium)
Dangerous functions (unserialize) found
Missing nonce checks found
Limited capability checks found

Vulnerabilities

Apimo Connector Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

2025

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2026-22445medium · 5.3Missing Authorization

Apimo Connector <= 2.6.4 - Missing Authorization

Jan 3, 2026Unpatched

CVE-2025-31602medium · 4.3Cross-Site Request Forgery (CSRF)

Apimo Connector <= 2.6.3.1 - Cross-Site Request Forgery to Settings Update

Mar 31, 2025Unpatched

Code Analysis

Analyzed Mar 16, 2026

Apimo Connector Code Analysis

Dangerous Functions

Raw SQL Queries

70 prepared

Unescaped Output

171

1164 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeglobal $wpdb;action-scheduler\classes\data-stores\ActionScheduler_DBStore.php:433

unserialize$agreement = unserialize($serialized_agreement);templates\single_property_style_1.php:989

unserialize$apimo_gallery_images = unserialize($metas['apimo_gallery_images'][0]);templates\single_property_style_1.php:1060

unserializeforeach (unserialize($metas['apimo_gallery_images'][0]) as $gallery_image) {templates\single_property_style_1.php:1062

unserializeforeach (unserialize($metas['apimo_content'][0]) as $language) {templates\single_property_style_1.php:1291

unserialize$residence = unserialize($serialized_residence);templates\single_property_style_1.php:1526

unserialize$location = unserialize($serializedLocation);templates\single_property_style_1.php:1573

unserialize$unserializedData = @unserialize($apimo_medias_data[0]);templates\single_property_style_1.php:1654

unserialize$media_unserialized = unserialize($media_serialized);templates\single_property_style_1.php:1662

unserialize$unserializedArray = unserialize($metas['apimo_regulations'][0]);templates\single_property_style_1.php:1770

unserialize$doc = unserialize($serializedDoc);templates\single_property_style_1.php:1849

unserialize$doc = unserialize($serializedDoc);templates\single_property_style_1.php:1878

unserialize$user = unserialize($serialized_user);templates\single_property_style_1.php:1974

unserialize$location = unserialize($serializedLocation);templates\single_property_style_2.php:1307

unserialize$unserializedArray = unserialize($metas['apimo_regulations'][0]);templates\single_property_style_2.php:1396

unserialize$unserializedData = @unserialize($apimo_medias_data[0]);templates\single_property_style_2.php:1486

unserialize$doc = unserialize($serializedDoc);templates\single_property_style_2.php:1538

unserialize$doc = unserialize($serializedDoc);templates\single_property_style_2.php:1554

unserialize$contents = unserialize($metas['apimo_content'][0]);templates\template_archive_block.php:310

unserializeforeach (unserialize($metas['apimo_content'][0]) as $language) {templates\template_archive_block.php:389

Bundled Libraries

Select2

SQL Query Safety

86% prepared81 total queries

Output Escaping

87% escaped1335 total outputs

Data Flows

7 unsanitized

Data Flow Analysis

11 flows7 with unsanitized paths

prepare_items (action-scheduler\classes\abstracts\ActionScheduler_Abstract_ListTable.php:797)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

Apimo Connector Attack Surface

Entry Points14

Unprotected4

AJAX Handlers 12

authwp_ajax_apimo_check_api_keyincludes\apimo_ajax.php:3

noprivwp_ajax_apimo_check_api_keyincludes\apimo_ajax.php:5

authwp_ajax_apimo_run_menual_schedulerincludes\apimo_ajax.php:85

noprivwp_ajax_apimo_run_menual_schedulerincludes\apimo_ajax.php:87

authwp_ajax_apimo_shortcode_paginationincludes\apimo_ajax.php:115

noprivwp_ajax_apimo_shortcode_paginationincludes\apimo_ajax.php:117

authwp_ajax_apimo_archive_filterincludes\apimo_ajax.php:174

noprivwp_ajax_apimo_archive_filterincludes\apimo_ajax.php:176

authwp_ajax_apimo_save_shortcodeincludes\apimo_ajax.php:1018

noprivwp_ajax_apimo_save_shortcodeincludes\apimo_ajax.php:1019

authwp_ajax_apimo_delete_shortcodeincludes\apimo_ajax.php:1061

noprivwp_ajax_apimo_delete_shortcodeincludes\apimo_ajax.php:1062

Shortcodes 2

[search_property] includes\search_shortcode.php:1461

[apimo] includes\shortcode.php:5

WordPress Hooks 97

actionplugins_loadedaction-scheduler\action-scheduler.php:13

actionplugins_loadedaction-scheduler\action-scheduler.php:19

actioninitaction-scheduler\classes\abstracts\ActionScheduler.php:303

actioninitaction-scheduler\classes\abstracts\ActionScheduler.php:305

actioninitaction-scheduler\classes\abstracts\ActionScheduler.php:307

actioninitaction-scheduler\classes\abstracts\ActionScheduler.php:309

actionaction_scheduler/migration_completeaction-scheduler\classes\abstracts\ActionScheduler.php:367

actionaction_scheduler_canceled_actionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:99

actionaction_scheduler_begin_executeaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:101

actionaction_scheduler_after_executeaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:103

actionaction_scheduler_failed_executionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:105

actionaction_scheduler_failed_actionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:107

actionaction_scheduler_unexpected_shutdownaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:109

actionaction_scheduler_reset_actionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:111

actionaction_scheduler_execution_ignoredaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:113

actionaction_scheduler_failed_fetch_actionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:115

actionaction_scheduler_failed_to_schedule_next_instanceaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:117

actionaction_scheduler_bulk_cancel_actionsaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:119

actionaction_scheduler_stored_actionaction-scheduler\classes\abstracts\ActionScheduler_Logger.php:127

actionwoocommerce_admin_status_content_action-scheduleraction-scheduler\classes\ActionScheduler_AdminView.php:73

actionwoocommerce_system_status_reportaction-scheduler\classes\ActionScheduler_AdminView.php:75

filterwoocommerce_admin_status_tabsaction-scheduler\classes\ActionScheduler_AdminView.php:77

actionadmin_menuaction-scheduler\classes\ActionScheduler_AdminView.php:83

actioncurrent_screenaction-scheduler\classes\ActionScheduler_AdminView.php:87

filteraction_scheduler_store_classaction-scheduler\classes\ActionScheduler_DataController.php:333

filteraction_scheduler_logger_classaction-scheduler\classes\ActionScheduler_DataController.php:335

actiondeactivate_pluginaction-scheduler\classes\ActionScheduler_DataController.php:337

actionaction_scheduler/progress_tickaction-scheduler\classes\ActionScheduler_DataController.php:347

actionshutdownaction-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:37

actionaction_scheduler_before_executeaction-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:39

actionaction_scheduler_after_executeaction-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:41

actionaction_scheduler_execution_ignoredaction-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:43

actionaction_scheduler_failed_executionaction-scheduler\classes\ActionScheduler_FatalErrorMonitor.php:45

actionaction_scheduler/created_tableaction-scheduler\classes\ActionScheduler_ListTable.php:1021

filtercron_schedulesaction-scheduler\classes\ActionScheduler_QueueRunner.php:101

actionshutdownaction-scheduler\classes\ActionScheduler_QueueRunner.php:147

actionpre_get_commentsaction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:87

actionwp_count_commentsaction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:89

actioncomment_feed_whereaction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:91

actionload-tools_page_action-scheduleraction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:97

actionload-woocommerce_page_wc-statusaction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:99

actionadmin_noticesaction-scheduler\classes\ActionScheduler_WPCommentCleaner.php:181

actionaction_scheduler_deleted_actionaction-scheduler\classes\data-stores\ActionScheduler_DBLogger.php:215

actionaction_scheduler/created_tableaction-scheduler\classes\data-stores\ActionScheduler_HybridStore.php:111

filtercomments_clausesaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:203

actionaction_scheduler_before_process_queueaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:437

actionaction_scheduler_after_process_queueaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:439

actionpre_get_commentsaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:447

actionwp_count_commentsaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:449

actioncomment_feed_whereaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:451

actionwp_insert_commentaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:457

actionwp_set_comment_statusaction-scheduler\classes\data-stores\ActionScheduler_wpCommentLogger.php:459

filterwp_insert_post_dataaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:103

filterpre_wp_unique_post_slugaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:105

filterpre_wp_unique_post_slugaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:847

filterwp_insert_post_dataaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:1507

filterpre_wp_unique_post_slugaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:1509

filteraction_scheduler_migration_dependencies_metaction-scheduler\classes\data-stores\ActionScheduler_wpPostStore.php:1655

actionadmin_noticesaction-scheduler\classes\migration\Controller.php:309

filteraction_scheduler_store_classaction-scheduler\classes\migration\Controller.php:337

filteraction_scheduler_logger_classaction-scheduler\classes\migration\Controller.php:339

actioninitaction-scheduler\classes\migration\Controller.php:341

actionwp_loadedaction-scheduler\classes\migration\Controller.php:343

actionload-tools_page_action-scheduleraction-scheduler\classes\migration\Controller.php:349

actionload-woocommerce_page_wc-statusaction-scheduler\classes\migration\Controller.php:351

actionaction_scheduler_before_schema_updateaction-scheduler\classes\schema\ActionScheduler_LoggerSchema.php:55

actionaction_scheduler_before_schema_updateaction-scheduler\classes\schema\ActionScheduler_StoreSchema.php:65

actionaction_scheduler_before_executeaction-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:157

actionaction_scheduler_after_executeaction-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:159

actionaction_scheduler_failed_executionaction-scheduler\classes\WP_CLI\ActionScheduler_WPCLI_QueueRunner.php:161

actionaction_scheduler/migrate_action_dry_runaction-scheduler\classes\WP_CLI\Migration_Command.php:251

actionaction_scheduler/no_action_to_migrateaction-scheduler\classes\WP_CLI\Migration_Command.php:257

actionaction_scheduler/migrate_action_failedaction-scheduler\classes\WP_CLI\Migration_Command.php:263

actionaction_scheduler/migrate_action_incompleteaction-scheduler\classes\WP_CLI\Migration_Command.php:269

actionaction_scheduler/migrated_actionaction-scheduler\classes\WP_CLI\Migration_Command.php:275

actionaction_scheduler/migration_batch_startingaction-scheduler\classes\WP_CLI\Migration_Command.php:281

actionaction_scheduler/migration_batch_completeaction-scheduler\classes\WP_CLI\Migration_Command.php:287

actioninitadmin\add_property.php:26

actionapimo_import_property_recurringadmin\add_property.php:136

actionapimo_fetch_property_manualadmin\add_property.php:138

actionwpadmin\add_property.php:146

actionapimo_import_single_propertyadmin\add_property.php:172

actioninitapimo.php:267

actionpre_get_postsapimo.php:329

actionwp_enqueue_scriptsapimo.php:333

actionadmin_enqueue_scriptsapimo.php:473

actionadmin_menuapimo.php:585

actionwp_headapimo.php:946

actionadd_meta_boxesincludes\metabox.php:5

actionsave_postincludes\metabox.php:659

actioninitincludes\posttype_and_taxonomy.php:138

actioninitincludes\posttype_and_taxonomy.php:148

filtertemplate_includeincludes\posttype_and_taxonomy.php:1306

filtermanage_property_posts_columnsincludes\posttype_and_taxonomy.php:1335

actionmanage_property_posts_custom_columnincludes\posttype_and_taxonomy.php:1369

actionwp_footertemplates\single_property_style_2.php:1925

actionadmin_noticesuninstall.php:143

Maintenance & Trust

Apimo Connector Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedMar 12, 2026

PHP min version

Downloads6K

Community Trust

Rating80/100

Number of ratings6

Active installs100

Alternatives

Apimo Connector Alternatives

Realty Portal – Floor Plan

realty-portal-floor-plan

Stable tag: 0.3.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html An add-on to display detailed information of propert …

60 No CVEs

Realty Portal – Advanced Search

realty-portal-advanced-search

Stable tag: 0.3.3 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html An add-on to manage agents and their information rig …

40 No CVEs

Realty Portal – Agent Dashboard

realty-portal-agent-dashboard

Stable tag: 0.3.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Fast, Powerful, Flexible solution for real estate ag …

40 No CVEs

Realty Portal – Agent Profile

realty-portal-agent-profile

Stable tag: 0.3.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html The add-on to help agents manage all personal inform …

40 No CVEs

Realty Portal – Nearby Places

realty-portal-nearby-places

Stable tag: 0.3.2 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html Quickly display places nearby the property.

40 No CVEs

Developer Profile

Apimo Connector Developer Profile

Proptech Plugin

1 plugin · 100 total installs

trust score

Avg Security Score

56/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Apimo Connector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/apimo/assets/css/frontend.css/wp-content/plugins/apimo/assets/css/slick-theme.css/wp-content/plugins/apimo/assets/css/slick.css/wp-content/plugins/apimo/assets/css/select2.min.css/wp-content/plugins/apimo/assets/css/daterangepicker.css/wp-content/plugins/apimo/assets/css/app.css/wp-content/plugins/apimo/assets/js/jquery.bpopup.min.js/wp-content/plugins/apimo/assets/js/frontend.js+6 more

Script Paths

/wp-content/plugins/apimo/assets/js/jquery.bpopup.min.js/wp-content/plugins/apimo/assets/js/frontend.js/wp-content/plugins/apimo/assets/js/select2.min.js/wp-content/plugins/apimo/assets/js/slick.min.js/wp-content/plugins/apimo/assets/js/pagination.min.js/wp-content/plugins/apimo/assets/js/moment.min.js+2 more

Version Parameters

apimo/assets/css/frontend.css?ver=apimo/assets/css/slick-theme.css?ver=apimo/assets/css/slick.css?ver=apimo/assets/css/select2.min.css?ver=apimo/assets/css/daterangepicker.css?ver=apimo/assets/css/app.css?ver=apimo/assets/js/jquery.bpopup.min.js?ver=apimo/assets/js/frontend.js?ver=apimo/assets/js/select2.min.js?ver=apimo/assets/js/slick.min.js?ver=apimo/assets/js/pagination.min.js?ver=apimo/assets/js/moment.min.js?ver=apimo/assets/js/daterangepicker.js?ver=apimo/assets/js/fslightbox.js?ver=

HTML / DOM Fingerprints

CSS Classes

apimo-gallery-itemapimo-gallery-slider-itemapimo-gallery-item-sliderapimo-gallery-item-overlayapimo-gallery-item-overlay-sliderapimo-gallery-item-overlay-titleapimo-gallery-item-overlay-title-sliderapimo-gallery-item-overlay-info+49 more

Data Attributes

data-apimo-gallery-item-iddata-apimo-gallery-item-titledata-apimo-gallery-item-descriptiondata-apimo-gallery-item-pricedata-apimo-gallery-item-old-pricedata-apimo-gallery-item-new-price+5 more

JS Globals

admin_urls

FAQ

Apimo Connector Security & Risk Analysis

Is Apimo Connector Safe to Use in 2026?

Use With Caution

Key Concerns

Apimo Connector Security Vulnerabilities

CVEs by Year

Severity Breakdown

Apimo Connector Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Apimo Connector Attack Surface

AJAX Handlers 12

Shortcodes 2

Apimo Connector Maintenance & Trust

Maintenance Signals

Community Trust

Apimo Connector Alternatives

Realty Portal – Floor Plan

Realty Portal – Advanced Search

Realty Portal – Agent Dashboard

Realty Portal – Agent Profile

Realty Portal – Nearby Places

Apimo Connector Developer Profile

How We Detect Apimo Connector

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Apimo Connector