Easy Property Listings Security & Risk Analysis
wordpress.org/plugins/easy-property-listingsFast. Flexible. Forward-thinking solution for real estate agents using WordPress. Built for scale, listing management and works with any theme.
Is Easy Property Listings Safe to Use in 2026?
High Risk
Score 42/100Easy Property Listings carries significant security risk with 8 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.
The "easy-property-listings" plugin, in version 3.5.21, presents a mixed security posture. While the static analysis indicates a clean slate with no detected dangerous functions, SQL queries utilizing prepared statements, properly escaped output, and a seemingly non-existent attack surface in terms of AJAX, REST API, shortcodes, and cron events, this masks a significant underlying risk. The plugin has a history of 8 known CVEs, with 2 currently unpatched, both classified as high severity. This historical pattern, including past vulnerabilities such as missing authorization, SQL injection, CSRF, and XSS, is a strong indicator of recurring security weaknesses that have not been fully addressed.
The lack of detected taint flows and a seemingly zero attack surface from the static analysis are positive indicators of secure coding practices in those specific areas. However, the presence of unpatched high-severity vulnerabilities and the historical prevalence of critical vulnerability types overshadow these strengths. The plugin's history suggests a potential for undiscovered vulnerabilities or a failure to adequately remediate past issues. Therefore, despite the current static analysis results appearing favorable, the significant vulnerability history necessitates a cautious approach and a high level of concern for the security of this plugin.
Key Concerns
- Unpatched high severity vulnerabilities
- High volume of past CVEs
- History of critical vulnerability types
Easy Property Listings Security Vulnerabilities
CVEs by Year
Severity Breakdown
8 total CVEs
Easy Property Listings <= 3.5.17 - Missing Authorization
Easy Property Listings <= 3.5.16 - Missing Authorization
Easy Property Listings <= 3.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting
Easy Property Listings <= 3.5.3 - Cross-Site Request Forgery
Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()
Easy Property Listings <= 3.5.2 - Authenticated(Contributor+) SQL Injection via Shortcode
Easy Property Listings < 3.4 - Cross-Site Request Forgery
Easy Property Listings <= 3.3.3 - Cross-Site Scripting
Easy Property Listings Code Analysis
SQL Query Safety
Output Escaping
Easy Property Listings Attack Surface
WordPress Hooks 1
Maintenance & Trust
Easy Property Listings Maintenance & Trust
Maintenance Signals
Community Trust
Easy Property Listings Alternatives
WPCasa
wpcasa
Flexible WordPress plugin to create professional real estate websites and manage property listings with ease.
Real Estate Manager – Property Listing and Agent Management
real-estate-manager
A comprehensive WordPress plugin designed to create feature-rich real estate websites and portals including Agent Management System.
WP All Import – Property Import for RealHomes
realhomes-xml-csv-property-listings-import
Drag & drop to import real estate listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports images, floor plans, am …
WP All Import – Property Import for WP Residence
wp-residence-add-on-for-wp-all-import
Drag & drop to import real estate listings from any CSV, XML, Excel, or Google Sheets file of any size or format. Supports images, floor plans, am …
Buying Buddy IDX CRM – Real Estate MLS Plugin
buying-buddy-idx-crm
Transform your WordPress site into a powerful real estate platform with seamless MLS integration, IDX search, and built-in CRM - no databases or techn …
Easy Property Listings Developer Profile
2 plugins · 6K total installs
How We Detect Easy Property Listings
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/easy-property-listings/assets/css/epl-gallery.css/wp-content/plugins/easy-property-listings/assets/css/epl-frontend.css/wp-content/plugins/easy-property-listings/assets/css/epl-plugin.css/wp-content/plugins/easy-property-listings/assets/css/epl-theme.css/wp-content/plugins/easy-property-listings/assets/css/epl-tinymce.css/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin-listing.js/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin.js/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin-metabox.js+7 more/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin-listing.js/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin.js/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin-metabox.js/wp-content/plugins/easy-property-listings/assets/js/admin/epl-admin-settings.js/wp-content/plugins/easy-property-listings/assets/js/frontend/epl-frontend-gallery.js/wp-content/plugins/easy-property-listings/assets/js/frontend/epl-frontend-map.js+4 moreeasy-property-listings/assets/css/epl-gallery.css?ver=easy-property-listings/assets/css/epl-frontend.css?ver=easy-property-listings/assets/css/epl-plugin.css?ver=easy-property-listings/assets/css/epl-theme.css?ver=easy-property-listings/assets/css/epl-tinymce.css?ver=easy-property-listings/assets/js/admin/epl-admin-listing.js?ver=easy-property-listings/assets/js/admin/epl-admin.js?ver=easy-property-listings/assets/js/admin/epl-admin-metabox.js?ver=easy-property-listings/assets/js/admin/epl-admin-settings.js?ver=easy-property-listings/assets/js/frontend/epl-frontend-gallery.js?ver=easy-property-listings/assets/js/frontend/epl-frontend-map.js?ver=easy-property-listings/assets/js/frontend/epl-frontend.js?ver=easy-property-listings/assets/js/frontend/epl-frontend-search.js?ver=easy-property-listings/assets/js/frontend/epl-frontend-shortcodes.js?ver=easy-property-listings/assets/js/frontend/epl-frontend-wishlist.js?ver=HTML / DOM Fingerprints
epl-galleryepl-frontendepl-pluginepl-themeepl-tinymceepl-admin-listingepl-adminepl-admin-metabox+15 more<!-- EASILY ADD NEW PROPERTY TYPES BY COPYING THE EXISTING PROPERTY TYPE FILES AND CHANGING THE TEXT IN THE ARRAY BELOW--><!-- The template hierarchy should look like this: --><!-- SINGLE PROPERTY PAGE TEMPLATE --><!-- THE PROPERTY LISTING PAGE TEMPLATE -->+7 moredata-epl-gallery-iddata-epl-gallery-itemsEPL_FRONTEND_OBJECTEPL_SHORTCODESEPL_GALLERYEPL_SEARCH/wp-json/epl/v1/properties/wp-json/epl/v1/property[epl_property_listing][epl_property_search][epl_property_single][epl_property_gallery]