WP-Safety

Import into Easy Property Listings Security & Risk Analysis

wordpress.org/plugins/easy-property-listings-xml-csv-import

Import listings into Easy Property Listings with this WP All Import add-on for WordPress. Created for maximum performance.

1K active installs v2.2.2 PHP 7.1+ WP 3.9+ Updated Dec 16, 2025
csvimportreal-estatereaxmlxml
99
A · Safe
CVEs total1
Unpatched0
Last CVEDec 30, 2025
Download
Safety Verdict

Is Import into Easy Property Listings Safe to Use in 2026?

Generally Safe

Score 99/100

Import into Easy Property Listings has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Dec 30, 2025Updated 3mo ago
Risk Assessment

The "easy-property-listings-xml-csv-import" plugin v2.2.2 exhibits a generally good security posture with several positive indicators. The absence of direct entry points like AJAX handlers, REST API routes, shortcodes, and cron events, especially without authentication checks, significantly limits the potential attack surface. Furthermore, the plugin demonstrates strong adherence to secure coding practices by using prepared statements for all SQL queries and properly escaping a high percentage of its outputs. The presence of nonce and capability checks also adds a layer of defense against common web attacks.

However, a critical concern arises from the presence of the `unserialize` function. While not directly linked to any reported taint flows in this static analysis, `unserialize` is inherently dangerous as it can lead to object injection vulnerabilities if it processes untrusted data. The file operation is another area to monitor, though without further context on its usage, its risk is moderate. The plugin's vulnerability history, with a past medium-severity CVE, indicates that while not currently facing unpatched critical issues, the plugin has had security flaws in the past. This suggests a need for continued vigilance and prompt patching of any future vulnerabilities.

In conclusion, the plugin has strengths in its limited attack surface and adherence to secure coding for SQL and output. The primary weakness lies in the use of `unserialize`. The past vulnerability history, though resolved, serves as a reminder that security is an ongoing process. Overall, it's a moderately secure plugin with a single critical function to be mindful of.

Key Concerns

  • Presence of unserialize function
  • Past medium severity CVE
  • File operations present
Vulnerabilities
1

Import into Easy Property Listings Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-62112medium · 4.3Cross-Site Request Forgery (CSRF)

Import into Easy Property Listings <= 2.2.1 - Cross-Site Request Forgery

Dec 30, 2025 Patched in 2.2.2 (7d)
Code Analysis
Analyzed Mar 16, 2026

Import into Easy Property Listings Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
3 prepared
Unescaped Output
11
55 escaped
Nonce Checks
1
Capability Checks
1
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$fieldData = ( ! empty( $field_params['field_obj']->post_content ) ) ? unserialize( $field_includes\rapid-addon.php:596

SQL Query Safety

100% prepared3 total queries

Output Escaping

83% escaped66 total outputs
Attack Surface

Import into Easy Property Listings Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 35
actionadmin_initepl-wp-all-import.php:88
actionactivated_pluginepl-wp-all-import.php:89
actionadmin_noticesepl-wp-all-import.php:107
actionplugins_loadedepl-wp-all-import.php:239
actionpmxi_reimportincludes\functions.php:148
filterpmxi_custom_field_to_updateincludes\functions.php:184
filterpmxi_custom_field_to_deleteincludes\functions.php:217
filterpmxi_save_optionsincludes\functions.php:245
filterwp_all_import_existing_meta_keysincludes\functions.php:373
filterwp_all_import_handle_uploadincludes\functions.php:480
actionadmin_initincludes\functions.php:631
filterepl_extensions_options_filter_newincludes\hooks.php:106
actioninitincludes\importer.php:148
actionpmxi_before_post_importincludes\importer.php:284
actionpmxi_before_post_importincludes\importer.php:315
filterpmxi_is_images_to_updateincludes\importer.php:487
filterpmxi_delete_imagesincludes\importer.php:580
filterwp_all_import_is_post_to_updateincludes\importer.php:726
filterwp_all_import_is_post_to_updateincludes\importer.php:728
filterpmxi_addonsincludes\rapid-addon.php:147
filterwp_all_import_addon_parseincludes\rapid-addon.php:148
filterwp_all_import_addon_importincludes\rapid-addon.php:149
filterwp_all_import_addon_saved_postincludes\rapid-addon.php:150
filterpmxi_options_optionsincludes\rapid-addon.php:151
filterwp_all_import_image_sectionsincludes\rapid-addon.php:152
filterpmxi_custom_typesincludes\rapid-addon.php:153
filterpmxi_post_list_orderincludes\rapid-addon.php:154
filterwp_all_import_post_type_imageincludes\rapid-addon.php:155
actionpmxi_extend_options_featuredincludes\rapid-addon.php:156
actionadmin_initincludes\rapid-addon.php:157
filterwp_all_import_acf_is_show_groupincludes\rapid-addon.php:240
filterwp_all_import_is_show_add_new_imagesincludes\rapid-addon.php:959
filterwp_all_import_is_allow_import_imagesincludes\rapid-addon.php:962
filterwp_all_import_is_images_section_enabledincludes\rapid-addon.php:1003
actionadmin_noticesincludes\rapid-addon.php:1222
Maintenance & Trust

Import into Easy Property Listings Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 16, 2025
PHP min version7.1
Downloads35K

Community Trust

Rating100/100
Number of ratings1
Active installs1K
Alternatives

Import into Easy Property Listings Alternatives

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets

wp-all-import

B
75

Easily import any file of any size into any plugin, post type, custom field, or taxonomy. Supports WooCommerce, ACF, images, galleries, users, real es &hellip;

100K 22 CVEs
WP All Import – Import Add-On for ACF

WP All Import – Import Add-On for ACF

csv-xml-import-for-acf

A
100

Drag & drop to import any CSV, Excel, XML, or Google Sheets file into Advanced Custom Fields. Supports repeaters, flexible content, galleries, and &hellip;

40K No CVEs
WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress

WP Ultimate CSV Importer – Import CSV, XML & Excel into WordPress

wp-ultimate-csv-importer

A
88

Effortlessly import, export, and migrate your WordPress data with WP Ultimate CSV Importer. This all-in-one solution supports CSV, XML, and Excel file &hellip;

20K 26 CVEs
Import WP – Export and Import CSV and XML files to WordPress

Import WP – Export and Import CSV and XML files to WordPress

jc-importer

A
90

Import WP, a simple, fast and powerful XML and CSV import solution, Making it easy to import posts, pages, categories, tags, users and attachments.

5K 5 CVEs
Import WooCommerce Suite

Import WooCommerce Suite

import-woocommerce

A
100

Use the WooCommerce Import Suite to import Products, Orders, Coupons, Customers, and Reviews with ease. Requires the WP Ultimate CSV Importer Free plu &hellip;

4K 1 CVE
Developer Profile

Import into Easy Property Listings Developer Profile

Merv Barrett

2 plugins · 6K total installs

66
trust score
Avg Security Score
81/100
Avg Patch Time
439 days
View full developer profile
Detection Fingerprints

How We Detect Import into Easy Property Listings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-property-listings-xml-csv-import/includes/meta-boxes-compat.php/wp-content/plugins/easy-property-listings-xml-csv-import/includes/hooks.php/wp-content/plugins/easy-property-listings-xml-csv-import/includes/rapid-addon.php/wp-content/plugins/easy-property-listings-xml-csv-import/includes/importer.php/wp-content/plugins/easy-property-listings-xml-csv-import/languages/

HTML / DOM Fingerprints

FAQ

Frequently Asked Questions about Import into Easy Property Listings