WP-Safety

Diverse Solutions IDX Real Estate Listings & MLS Search Security & Risk Analysis

wordpress.org/plugins/dsidxpress

Easily add mobile and SEO-friendly MLS listings to your website to attract & engage visitors, plus lead capture tools to turn them into clients.

1K active installs v3.19.1 PHP 5.4.0+ WP 4.5.0+ Updated Oct 7, 2025
idxlistingsmlsreal-estaterealtor
100
A · Safe
CVEs total1
Unpatched0
Last CVEMay 25, 2014
Plugin page Download
Safety Verdict

Is Diverse Solutions IDX Real Estate Listings & MLS Search Safe to Use in 2026?

Generally Safe

Score 100/100

Diverse Solutions IDX Real Estate Listings & MLS Search has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 25, 2014Updated 5mo ago
Risk Assessment

The dsidxpress plugin v3.19.1 exhibits a mixed security posture. While it demonstrates good practices in areas like capability checks and a low number of external HTTP requests, significant concerns arise from its attack surface and data handling. Specifically, the presence of unprotected AJAX handlers is a notable weakness, potentially allowing unauthorized actions. The taint analysis indicates a high number of flows with unsanitized paths, though no critical or high severity vulnerabilities were found in this specific scan, this pattern suggests potential for future issues if not addressed. The vulnerability history, while showing no currently unpatched CVEs, includes a past medium-severity Cross-site Scripting vulnerability, which, combined with the taint analysis findings, warrants caution. The use of the `unserialize` function without proper sanitization context also presents a risk. The plugin's reliance on raw SQL queries without prepared statements is another area of concern, increasing susceptibility to SQL injection if input is not meticulously handled. Overall, while not critically compromised in this analysis, the plugin requires attention to its input validation, sanitization, and protection of entry points.

Key Concerns

  • Unprotected AJAX handlers
  • High number of unsanitized taint flows
  • Dangerous function: unserialize
  • SQL queries without prepared statements
  • Past medium severity CVE (XSS)
Vulnerabilities
1

Diverse Solutions IDX Real Estate Listings & MLS Search Security Vulnerabilities

CVEs by Year

1 CVE in 2014
2014
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2014-4521medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

dsIDXpress < 2.1.1 - Cross-Site Scripting

May 25, 2014 Patched in 2.1.1 (3530d)
Code Analysis
Analyzed Mar 16, 2026

Diverse Solutions IDX Real Estate Listings & MLS Search Code Analysis

Dangerous Functions
3
Raw SQL Queries
3
0 prepared
Unescaped Output
283
687 escaped
Nonce Checks
3
Capability Checks
14
File Operations
1
External Requests
3
Bundled Libraries
1

Dangerous Functions Found

unserialize$cachedRequestData = $compressCache ? unserialize(gzinflate(base64_decode($cachedRequestData))) : $capi-request.php:68
unserialize$cachedRequestData = $compressCache ? unserialize(gzinflate(base64_decode($cachedRequestData))) : $capi-request.php:81
unserialize$cachedRequestData = $compressCache ? unserialize(gzinflate(base64_decode($cachedRequestData))) : $cdsidxwidgets\api-request.php:52

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared3 total queries

Output Escaping

71% escaped970 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

18 flows13 with unsanitized paths
LinkBuilderHtml (admin.php:2015)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Diverse Solutions IDX Real Estate Listings & MLS Search Attack Surface

Entry Points10
Unprotected2

AJAX Handlers 6

authwp_ajax_dsidxpress-dismiss-notificationadmin.php:7
authwp_ajax_dsidxpress-dismiss-dev-notificationadmin.php:9
authwp_ajax_dsidx_client_assistajax-handler.php:2
noprivwp_ajax_dsidx_client_assistajax-handler.php:3
authwp_ajax_dsidx_locationslocations.php:2
noprivwp_ajax_dsidx_locationslocations.php:3

Shortcodes 4

[idx-listing] shortcodes.php:422
[idx-listings] shortcodes.php:423
[idx-quick-search] shortcodes.php:424
[idx-registration-form] shortcodes.php:427
WordPress Hooks 65
actionadmin_initadmin.php:3
actionadmin_menuadmin.php:5
actionadmin_noticesadmin.php:6
actionadmin_noticesadmin.php:8
filtermanage_nav-menus_columnsadmin.php:10
actionadmin_print_scriptsadmin.php:11
filternav_menu_items_zpress-pageadmin.php:14
filtermce_external_pluginsadmin.php:26
filtermce_buttonsadmin.php:27
actioninitajax-handler.php:4
actionshutdownapi-multirequest.php:107
actionshutdownapi-multirequest.php:110
actionshutdownapi-multirequest.php:111
actioninitautocomplete-mls-number.php:2
actioninitautocomplete.php:2
actionwpclient.php:2
actionpre_get_postsclient.php:3
filterposts_requestclient.php:4
filterthe_postsclient.php:5
filtercomments_templateclient.php:6
actionwp_headclient.php:26
actionwp_headclient.php:116
filterget_edit_post_linkclient.php:126
filterpost_classclient.php:127
filterwp_redirectclient.php:130
filterredirect_canonicalclient.php:131
filterpage_linkclient.php:132
actionwp_headclient.php:261
actionget_headerclient.php:388
filterpre_get_document_titleclient.php:455
filterwp_titleclient.php:459
actionwp_headclient.php:463
actionwp_headclient.php:466
actionadmin_noticesdsidxpress.php:49
actionplugins_loadeddsidxpress.php:52
actionadmin_enqueue_scriptsdsidxpress.php:95
actionwidgets_initdsidxpress.php:109
filterthe_postsdsidxwidgets\client.php:2
actionwidgets_initdsidxwidgets\dsidxwidgets.php:63
actionwp_footerfooter.php:16
actioninitglobals.php:3
actionwp_print_scriptsglobals.php:4
actionwp_footerglobals.php:7
actionadd_meta_boxesidx-listings-pages.php:3
actionsave_postidx-listings-pages.php:4
filterget_pagesidx-listings-pages.php:5
actionadmin_bar_menuidx-listings-pages.php:7
filterthe_postsidx-listings-pages.php:8
filterbody_classidx-listings-pages.php:9
filterpost_classidx-listings-pages.php:10
actioninitidx-listings-pages.php:11
filtertemplate_includeidx-listings-pages.php:12
actioninitidx-listings-pages.php:14
actioninitidx-listings-pages.php:15
actionpre_get_postsidx-listings-pages.php:16
actionwp_loadedidx-listings-pages.php:80
actionwp_loadedidx-listings-pages.php:83
filterrewrite_rules_arrayrewrite.php:2
filterquery_varsrewrite.php:3
actioninitrewrite.php:4
actionuser_registerroles.php:25
actionwp_headwidget-idx-guided-search.php:2
actionwp_headwidget-idx-quick-search.php:3
filterbwp_gxs_external_pagesxml-sitemaps.php:5
actionsm_buildmapxml-sitemaps.php:8
Maintenance & Trust

Diverse Solutions IDX Real Estate Listings & MLS Search Maintenance & Trust

Maintenance Signals

WordPress version tested6.4.8
Last updatedOct 7, 2025
PHP min version5.4.0
Downloads388K

Community Trust

Rating64/100
Number of ratings66
Active installs1K
Alternatives

Diverse Solutions IDX Real Estate Listings & MLS Search Alternatives

Estatik Real Estate Plugin

Estatik Real Estate Plugin

estatik

F
24

You will love its clean design, simple use, and colorful themes. WordPress real estate plugin Estatik is a worthy choice for single agents and portals

10K 2 unpatched
My IDX Home Search

My IDX Home Search

my-idx-home-search

A
91

Supercharge your real estate website for lead generation with a powerful IDX Home Search made by the creators of the leading MLS search for Facebook.

200 2 CVEs
PeakIDX Real Estate Search & Lead Generation

PeakIDX Real Estate Search & Lead Generation

peakidx-real-estate

A
100

Best In Class Website IDX - Premiere Search & Lead Generation for Real Estate Professionals

0 No CVEs
Optima Express IDX

Optima Express IDX

optima-express

A
100

Embed real estate property listings, market reports & MLS data on your WordPress site. Responsive design, great SEO & proven lead capture.

8K 1 CVE
Realtyna Organic IDX plugin + WPL Real Estate

Realtyna Organic IDX plugin + WPL Real Estate

real-estate-listing-realtyna-wpl

A
87

Your comprehensive solution for creating dynamic and feature-rich real estate websites on WordPress. Designed to cater to the diverse needs of real es &hellip;

2K 4 CVEs
Developer Profile

Diverse Solutions IDX Real Estate Listings & MLS Search Developer Profile

Diverse Solutions

1 plugin · 1K total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
3530 days
View full developer profile
Detection Fingerprints

How We Detect Diverse Solutions IDX Real Estate Listings & MLS Search

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dsidxpress/css/dsidxpress.css/wp-content/plugins/dsidxpress/css/dsidxpress_client.css/wp-content/plugins/dsidxpress/css/dsidxpress_autocomplete.css/wp-content/plugins/dsidxpress/js/dsidxpress_client.js/wp-content/plugins/dsidxpress/js/dsidxpress_quick_search.js/wp-content/plugins/dsidxpress/js/dsidxpress_guided_search.js/wp-content/plugins/dsidxpress/js/dsidxpress_listings.js/wp-content/plugins/dsidxpress/js/dsidxpress_autocomplete.js+1 more
Script Paths
js/dsidxpress_client.jsjs/dsidxpress_quick_search.jsjs/dsidxpress_guided_search.jsjs/dsidxpress_listings.jsjs/dsidxpress_autocomplete.jsjs/dsidxpress_admin_widgets.js
Version Parameters
dsidxpress/css/dsidxpress.css?ver=dsidxpress/js/dsidxpress_client.js?ver=

HTML / DOM Fingerprints

CSS Classes
dsidxpress-containerdsidxpress-wrapperdsidxpress-listings-pagedsidxpress-search-formdsidxpress-search-results
HTML Comments
dsIDXpress Generated ContentdsIDXpress: Property Listings StartdsIDXpress: Property Listings EnddsIDXpress: Search Form Start+1 more
Data Attributes
data-dsidxpress-widget-iddata-dsidxpress-listing-iddata-dsidxpress-search-paramsdata-dsidxpress-api-key
JS Globals
window.dsidxpress_client_optionswindow.dsidxpress_listings_paramswindow.dsidxpress_autocomplete_settings
REST Endpoints
/wp-json/dsidxpress/v1/search/wp-json/dsidxpress/v1/listing/wp-json/dsidxpress/v1/autocomplete
Shortcode Output
[dsidx-listings[dsidx-search[dsidx-single-listing[dsidx-map
FAQ

Frequently Asked Questions about Diverse Solutions IDX Real Estate Listings & MLS Search