Estatik Real Estate Plugin Security & Risk Analysis

wordpress.org/plugins/estatik

You will love its clean design, simple use, and colorful themes. WordPress real estate plugin Estatik is a worthy choice for single agents and portals.

10K active installs · v4.3.0 · PHP 5.6+ · WP 5.4+ · Updated Jan 31, 2026

Tags: idx, listings, mls, real-estate, rets

Score: 24 · Grade F · Critical Risk
CVEs total: 7
Unpatched: 2
Last CVE: Oct 16, 2025
Safety Verdict

Is Estatik Real Estate Plugin Safe to Use in 2026?

Critical Risk — Avoid

Score 24/100

Estatik Real Estate Plugin is critically unsafe with 7 known CVEs, 2 still unpatched. Avoid in production.

7 known CVEs · 2 unpatched · Last CVE: Oct 16, 2025 · Updated 2mo ago
Risk Assessment

The Estatik plugin v4.3.0 exhibits a concerning security posture, marked by a significant number of unprotected AJAX handlers and a history of serious vulnerabilities. While the plugin employs nonce checks and capability checks in a reasonable number of instances, the presence of 8 AJAX handlers without authentication is a major red flag, creating a substantial attack surface that could be exploited by unauthenticated users. The static analysis also reveals dangerous functions like `unserialize` and a high percentage of unsanitized taint flows (5 out of 7 analyzed), with 5 identified as high severity, indicating potential for critical exploits such as Remote Code Execution or Cross-Site Scripting. The vulnerability history further amplifies these concerns, with 7 known CVEs including 2 critical and 2 high severity issues, and critically, 2 CVEs that remain unpatched. This pattern suggests a recurring struggle with robust security practices and timely remediation of discovered flaws, making the plugin a high-risk component.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Presence of dangerous functions (unserialize)
  • Low percentage of properly escaped output
  • Unpatched critical CVEs
  • Unpatched high severity CVEs
  • Vulnerability history of critical/high severity
Vulnerabilities (7)

Estatik Real Estate Plugin Security Vulnerabilities

CVEs by Year

  • 2016: 2 CVEs
  • 2023: 2 CVEs
  • 2024: 1 CVE
  • 2025: 2 CVEs (has unpatched)

Severity Breakdown

  • Critical: 2
  • High: 2
  • Medium: 3

7 total CVEs

CVE-2025-62963 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  Estatik <= 4.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting
  Oct 16, 2025 · Unpatched

CVE-2025-26905 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  Estatik <= 4.1.9 - Authenticated (Contributor+) Local File Inclusion
  Feb 23, 2025 · Unpatched

CVE-2023-6050 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  Estatik Real Estate Plugin <= 4.1.0 - Reflected Cross-Site Scripting
  Jan 25, 2024 · Patched in 4.1.1 (13d)

CVE-2023-6048 · medium · 5.4 · Missing Authorization
  Estatik Real Estate Plugin <= 4.1.0 - Missing Authorization to Limited Arbitrary Options Update
  Dec 25, 2023 · Patched in 4.1.1 (44d)

CVE-2023-6049 · critical · 9.8 · Deserialization of Untrusted Data
  Estatik Real Estate Plugin <= 4.1.0 - Unauthenticated PHP Object Injection
  Dec 25, 2023 · Patched in 4.1.1 (44d)

CVE-2016-10959 · high · 8.8 · Cross-Site Request Forgery (CSRF)
  Estatik <= 2.3.0 - Cross-Site Request Forgery to Arbitrary File Upload
  Aug 1, 2016 · Patched in 2.3.1 (2731d)

CVE-2016-10958 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type
  Estatik <= 2.2.5 - Unauthenticated Arbitrary File Upload
  Aug 1, 2016 · Patched in 2.3.1 (2878d)
Code Analysis (analyzed Mar 16, 2026)

Estatik Real Estate Plugin Code Analysis

  • Dangerous Functions: 5
  • Raw SQL Queries: 16 (27 prepared)
  • Unescaped Output: 410 (217 escaped)
  • Nonce Checks: 41
  • Capability Checks: 18
  • File Operations: 0
  • External Requests: 9
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · includes\classes\class-plugin-migration.php:268
    'options' => unserialize( $minor_field->options ),
  • unserialize · includes\classes\helpers\class-cookies-container.php:81
    $result = unserialize( $_COOKIE[ $this->get_key_name() ], array( 'allowed_classes' => false ) );
  • unserialize · includes\classes\wishlist\class-wishlist-cookie.php:47
    $wishlist = unserialize( $_COOKIE[ $this->get_key_name() ], array( 'allowed_classes' => false ) );
  • unserialize · includes\classes\wishlist\class-wishlist-cookie.php:63
    $data = unserialize( wp_unslash( $_COOKIE[ $this->get_key_name() ] ), array( 'allowed_classes' => fa
  • assert · includes\helper-functions.php:2011
    assert( is_array( $array ) );

Bundled Libraries

Select2

SQL Query Safety

63% prepared · 43 total queries

Output Escaping

35% escaped · 627 total outputs
Data Flows (5 unsanitized)

Data Flow Analysis

7 flows · 5 with unsanitized paths

  • dismiss_notices (includes\classes\class-admin-init.php:20)

(Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized)
Attack Surface (8 unprotected)

Estatik Real Estate Plugin Attack Surface

Entry Points: 44 · Unprotected: 8

AJAX Handlers (44)

  • auth · wp_ajax_es_save_field · includes\ajax.php:3
  • auth · wp_ajax_es_get_terms_creator · includes\ajax.php:26
  • auth · wp_ajax_es_get_locations · includes\ajax.php:64
  • nopriv · wp_ajax_es_get_locations · includes\ajax.php:65
  • auth · wp_ajax_es_wishlist_action · includes\ajax.php:90
  • nopriv · wp_ajax_es_wishlist_action · includes\ajax.php:91
  • auth · wp_ajax_es_get_property_item · includes\ajax.php:136
  • nopriv · wp_ajax_es_get_property_item · includes\ajax.php:137
  • auth · wp_ajax_es_search_address_components · includes\ajax.php:186
  • nopriv · wp_ajax_es_search_address_components · includes\ajax.php:187
  • auth · wp_ajax_es_save_search · includes\ajax.php:230
  • auth · wp_ajax_es_remove_saved_search · includes\ajax.php:257
  • auth · wp_ajax_get_listings · includes\ajax.php:298
  • nopriv · wp_ajax_get_listings · includes\ajax.php:299
  • auth · wp_ajax_es_dismiss_notices · includes\classes\class-admin-init.php:17
  • auth · wp_ajax_es_framework_attachment_save_caption · includes\classes\framework\ajax.php:3
  • auth · wp_ajax_es_framework_upload_file · includes\classes\framework\ajax.php:32
  • auth · wp_ajax_es_terms_creator_add_term · includes\classes\pages\admin\class-data-manager-page.php:17
  • auth · wp_ajax_es_data_manager_delete_terms · includes\classes\pages\admin\class-data-manager-page.php:18
  • auth · wp_ajax_es_data_manager_get_form · includes\classes\pages\admin\class-data-manager-page.php:19
  • auth · wp_ajax_es_data_manager_get_creator · includes\classes\pages\admin\class-data-manager-page.php:20
  • auth · wp_ajax_es_data_manager_get_list · includes\classes\pages\admin\class-data-manager-page.php:21
  • auth · wp_ajax_es_data_manager_restore_term · includes\classes\pages\admin\class-data-manager-page.php:22
  • auth · wp_ajax_es_fields_builder_get_field_form · includes\classes\pages\admin\class-fields-builder-page.php:16
  • auth · wp_ajax_es_fields_builder_get_section_form · includes\classes\pages\admin\class-fields-builder-page.php:17
  • auth · wp_ajax_es_fields_builder_save_field · includes\classes\pages\admin\class-fields-builder-page.php:19
  • auth · wp_ajax_es_fields_builder_save_section · includes\classes\pages\admin\class-fields-builder-page.php:20
  • auth · wp_ajax_es_fields_builder_delete_field · includes\classes\pages\admin\class-fields-builder-page.php:22
  • auth · wp_ajax_es_fields_builder_delete_section · includes\classes\pages\admin\class-fields-builder-page.php:23
  • auth · wp_ajax_es_fields_builder_change_items_order · includes\classes\pages\admin\class-fields-builder-page.php:25
  • auth · wp_ajax_es_fields_builder_get_field_settings · includes\classes\pages\admin\class-fields-builder-page.php:27
  • auth · wp_ajax_es_fields_builder_get_fields_tab · includes\classes\pages\admin\class-fields-builder-page.php:28
  • auth · wp_ajax_es_fields_builder_get_sections · includes\classes\pages\admin\class-fields-builder-page.php:29
  • auth · wp_ajax_es_fields_builder_restore_field · includes\classes\pages\admin\class-fields-builder-page.php:30
  • auth · wp_ajax_es_fields_builder_restore_section · includes\classes\pages\admin\class-fields-builder-page.php:31
  • auth · wp_ajax_es_migration · includes\classes\pages\admin\class-migration-page.php:12
  • auth · wp_ajax_es_property_quick_edit_form · includes\classes\pages\admin\class-properties-archive-page.php:27
  • auth · wp_ajax_es_property_quick_edit_bulk_form · includes\classes\pages\admin\class-properties-archive-page.php:28
  • auth · wp_ajax_es_settings_create_page · includes\classes\pages\admin\class-settings-page.php:15
  • auth · wp_ajax_es_save_settings · includes\classes\pages\admin\class-settings-page.php:16
  • auth · wp_ajax_es_profile_save_info · includes\classes\pages\front\class-profile-page.php:12
  • auth · wp_ajax_es_profile_save_pwd · includes\classes\pages\front\class-profile-page.php:13
  • auth · wp_ajax_es_submit_request_form · includes\classes\shortcodes\class-request-form-shortcode.php:231
  • nopriv · wp_ajax_es_submit_request_form · includes\classes\shortcodes\class-request-form-shortcode.php:232
WordPress Hooks (141)

  • filter · block_categories_all · includes\classes\blocks\class-block-categories.php:26
  • action · enqueue_block_editor_assets · includes\classes\blocks\class-blocks.php:44
  • action · wp_enqueue_scripts · includes\classes\blocks\class-blocks.php:45
  • action · enqueue_block_editor_assets · includes\classes\blocks\class-blocks.php:48
  • action · enqueue_block_editor_assets · includes\classes\blocks\class-blocks.php:49
  • action · init · includes\classes\blocks\class-blocks.php:96
  • action · wp · includes\classes\class-admin-init.php:12
  • action · es_admin_page_bar · includes\classes\class-admin-init.php:13
  • filter · cron_schedules · includes\classes\class-admin-init.php:14
  • action · es_remote_admin_notices · includes\classes\class-admin-init.php:15
  • action · admin_notices · includes\classes\class-admin-init.php:16
  • action · admin_menu · includes\classes\class-admin-menu.php:12
  • action · wp_enqueue_scripts · includes\classes\class-assets-init.php:14
  • action · admin_enqueue_scripts · includes\classes\class-assets-init.php:15
  • action · wp_enqueue_scripts · includes\classes\class-assets-init.php:17
  • action · admin_enqueue_scripts · includes\classes\class-assets-init.php:18
  • filter · script_loader_src · includes\classes\class-assets-init.php:20
  • action · init · includes\classes\class-auth-init.php:17
  • action · init · includes\classes\class-auth-init.php:18
  • action · init · includes\classes\class-auth-init.php:19
  • action · init · includes\classes\class-auth-init.php:20
  • action · init · includes\classes\class-auth-init.php:23
  • action · es_register_new_buyer · includes\classes\class-auth-init.php:26
  • filter · wp_new_user_notification_email_admin · includes\classes\class-auth-init.php:160
  • filter · wp_new_user_notification_email · includes\classes\class-auth-init.php:161
  • filter · wp_new_user_notification_email · includes\classes\class-auth-init.php:162
  • action · register_new_user · includes\classes\class-auth-init.php:165
  • filter · wp_password_change_notification_email · includes\classes\class-auth-init.php:355
  • action · et_builder_ready · includes\classes\class-divi.php:14
  • filter · et_fb_load_raw_post_content · includes\classes\class-divi.php:15
  • action · elementor/controls/register · includes\classes\class-elementor.php:16
  • action · elementor/widgets/widgets_registered · includes\classes\class-elementor.php:17
  • action · elementor/elements/categories_registered · includes\classes\class-elementor.php:18
  • action · elementor/editor/before_enqueue_scripts · includes\classes\class-elementor.php:19
  • action · elementor/editor/before_enqueue_scripts · includes\classes\class-elementor.php:20
  • action · elementor/editor/before_enqueue_scripts · includes\classes\class-elementor.php:21
  • filter · elementor/widgets/black_list · includes\classes\class-elementor.php:22
  • action · elementor/documents/register · includes\classes\class-elementor.php:23
  • action · elementor/db/before_save · includes\classes\class-elementor.php:24
  • action · es_logo · includes\classes\class-estatik-logo.php:12
  • action · plugins_loaded · includes\classes\class-estatik.php:23
  • action · init · includes\classes\class-migrations.php:21
  • action · rest_api_init · includes\classes\class-polylang-init.php:12
  • action · add_meta_boxes · includes\classes\class-polylang-init.php:13
  • filter · wp_generate_attachment_metadata · includes\classes\class-polylang-init.php:14
  • action · pll_save_post · includes\classes\class-polylang-init.php:15
  • action · admin_notices · includes\classes\class-polylang-init.php:94
  • action · init · includes\classes\class-post-types.php:14
  • action · init · includes\classes\class-taxonomies.php:14
  • filter · template_include · includes\classes\class-template-loader.php:32
  • filter · the_content · includes\classes\class-template-loader.php:33
  • filter · post_thumbnail_html · includes\classes\class-template-loader.php:34
  • action · loop_start · includes\classes\class-template-loader.php:36
  • action · loop_end · includes\classes\class-template-loader.php:37
  • action · init · includes\classes\class-template-loader.php:150
  • action · add_meta_boxes · includes\classes\meta-boxes\class-entity-fields-meta-box.php:37
  • filter · admin_body_class · includes\classes\meta-boxes\class-entity-fields-meta-box.php:46
  • filter · http_request_timeout · includes\classes\pages\admin\class-dashboard-page.php:18
  • action · es_data_manager_content · includes\classes\pages\admin\class-data-manager-page.php:16
  • action · init · includes\classes\pages\admin\class-demo-page.php:12
  • action · admin_enqueue_scripts · includes\classes\pages\admin\class-entities-archive-page.php:45
  • action · pre_get_posts · includes\classes\pages\admin\class-entities-archive-page.php:46
  • action · manage_posts_extra_tablenav · includes\classes\pages\admin\class-entities-archive-page.php:47
  • filter · admin_body_class · includes\classes\pages\admin\class-entities-archive-page.php:48
  • action · init · includes\classes\pages\admin\class-entities-archive-page.php:56
  • action · es_fields_builder_fields_tab · includes\classes\pages\admin\class-fields-builder-page.php:14
  • action · es_fields_builder_field_settings · includes\classes\pages\admin\class-fields-builder-page.php:33
  • action · es_fields_builder_section_settings · includes\classes\pages\admin\class-fields-builder-page.php:34
  • action · network_admin_notices · includes\classes\pages\admin\class-properties-archive-page.php:20
  • action · user_admin_notices · includes\classes\pages\admin\class-properties-archive-page.php:21
  • action · admin_notices · includes\classes\pages\admin\class-properties-archive-page.php:22
  • filter · views_edit-properties · includes\classes\pages\admin\class-properties-archive-page.php:25
  • action · admin_menu · includes\classes\pages\admin\class-settings-page.php:14
  • action · init · includes\classes\shortcodes\class-shortcodes.php:14
  • action · widgets_init · includes\classes\widgets\class-widget.php:23
  • action · es_after_single_content · includes\entity-functions.php:160
  • filter · the_excerpt · includes\hooks.php:17
  • action · es_search_render_field · includes\hooks.php:277
  • action · admin_bar_menu · includes\hooks.php:296
  • action · es_privacy_policy · includes\hooks.php:361
  • action · es_recaptcha · includes\hooks.php:445
  • filter · es_settings_get_available_values · includes\hooks.php:468
  • action · wp_footer · includes\hooks.php:478
  • action · save_post_page · includes\hooks.php:497
  • action · pre_get_avatar · includes\hooks.php:541
  • filter · display_post_states · includes\hooks.php:566
  • action · es_after_single_property_content · includes\hooks.php:585
  • action · es_after_listings · includes\hooks.php:599
  • action · es_after_single_content · includes\hooks.php:600
  • action · es_after_authentication · includes\hooks.php:601
  • action · es_after_profile · includes\hooks.php:602
  • action · login_enqueue_scripts · includes\hooks.php:625
  • filter · term_link · includes\hooks.php:649
  • filter · request · includes\hooks.php:694
  • filter · post_thumbnail_html · includes\hooks.php:709
  • action · pre_delete_term · includes\hooks.php:732
  • filter · es_property_get_field_value · includes\hooks.php:752
  • filter · es_property_save_field_value · includes\hooks.php:778
  • action · es_property_after_save_fields · includes\hooks.php:798
  • action · save_post_properties · includes\hooks.php:832
  • filter · es_get_the_formatted_field · includes\hooks.php:864
  • action · before_delete_post · includes\hooks.php:887
  • filter · post_class · includes\hooks.php:904
  • filter · sanitize_title · includes\hooks.php:934
  • action · activated_plugin · includes\hooks.php:950
  • filter · wpm_load_config · includes\hooks.php:967
  • action · init · includes\hooks.php:980
  • filter · et_builder_third_party_post_types · includes\hooks.php:991
  • filter · et_get_option_et_divi_divi_thumbnails · includes\hooks.php:1005
  • filter · es_property_default_fields · includes\hooks.php:1037
  • action · es_activation · includes\hooks.php:1045
  • filter · lostpassword_url · includes\hooks.php:1059
  • filter · wp_kses_allowed_html · includes\hooks.php:1083
  • filter · upload_mimes · includes\hooks.php:1095
  • filter · wp_check_filetype_and_ext · includes\hooks.php:1120
  • action · pmxi_saved_post · includes\hooks.php:1145
  • action · pmxi_saved_post · includes\hooks.php:1167
  • action · pmxi_saved_post · includes\hooks.php:1179
  • action · pmxi_saved_post · includes\hooks.php:1211
  • action · pre_get_posts · includes\hooks.php:1228
  • filter · es_get_properties_range_fields · includes\hooks.php:1249
  • filter · term_link · includes\hooks.php:1275
  • action · es_after_save_property · includes\hooks.php:1306
  • action · init · includes\hooks.php:1316
  • action · pre_get_posts · includes\hooks.php:1517
  • action · widgets_init · includes\hooks.php:1536
  • action · wp_head · includes\hooks.php:1596
  • filter · es_get_the_formatted_field · includes\hooks.php:1616
  • action · plugins_loaded · includes\loop-functions.php:326
  • action · elementor/widget/before_render_content · includes\loop-functions.php:328
  • action · es_single_property_section · includes\property-functions.php:137
  • action · es_property_badges · includes\property-functions.php:149
  • action · es_property_meta · includes\property-functions.php:161
  • action · es_property_control · includes\property-functions.php:183
  • action · es_single_property_layout · includes\property-functions.php:198
  • action · es_sort_dropdown · includes\property-functions.php:226
  • action · es_layouts · includes\property-functions.php:239
  • action · es_before_listings · includes\property-functions.php:255
  • action · es_properties_no_found_posts · includes\property-functions.php:883
  • action · es_property_breadcrumbs · includes\property-functions.php:898
  • action · es_property_breadcrumbs · includes\property-functions.php:974

Scheduled Events (1)

  • es_remote_admin_notices
Maintenance & Trust

Estatik Real Estate Plugin Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Jan 31, 2026
  • PHP min version: 5.6
  • Downloads: 370K

Community Trust

  • Rating: 90/100
  • Number of ratings: 183
  • Active installs: 10K
Developer Profile

Estatik Real Estate Plugin Developer Profile

Estatik

2 plugins · 11K total installs

  • Trust score: 28
  • Avg Security Score: 27/100
  • Avg Patch Time: 952 days
Detection Fingerprints

How We Detect Estatik Real Estate Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/estatik/admin/css/admin.min.css
  • /wp-content/plugins/estatik/admin/js/admin.min.js
  • /wp-content/plugins/estatik/admin/js/property-metabox.min.js
  • /wp-content/plugins/estatik/admin/css/locations.min.css
  • /wp-content/plugins/estatik/common/select2/select2.full.min.js
  • /wp-content/plugins/estatik/common/select2/select2.min.css
  • /wp-content/plugins/estatik/common/estatik-popup/estatik-popup.css
  • /wp-content/plugins/estatik/public/css/responsive.css
  • +14 more
Script Paths
  • /wp-content/plugins/estatik/admin/js/admin.min.js
  • /wp-content/plugins/estatik/admin/js/property-metabox.min.js
  • /wp-content/plugins/estatik/common/select2/select2.full.min.js
  • /wp-content/plugins/estatik/public/js/frontend.min.js
  • /wp-content/plugins/estatik/public/js/single-property.min.js
  • /wp-content/plugins/estatik/public/js/listing.min.js
  • +8 more
Version Parameters
  • estatik/admin/css/admin.min.css?ver=
  • estatik/admin/js/admin.min.js?ver=
  • estatik/admin/js/property-metabox.min.js?ver=
  • estatik/admin/css/locations.min.css?ver=
  • estatik/common/select2/select2.full.min.js?ver=
  • estatik/common/select2/select2.min.css?ver=
  • estatik/common/estatik-popup/estatik-popup.css?ver=
  • estatik/public/css/responsive.css?ver=
  • estatik/public/css/main.min.css?ver=
  • estatik/public/css/colors.css?ver=
  • estatik/public/css/map-styles.css?ver=
  • estatik/public/js/frontend.min.js?ver=
  • estatik/public/js/single-property.min.js?ver=
  • estatik/public/js/listing.min.js?ver=
  • estatik/public/js/property-map.min.js?ver=
  • estatik/public/js/single-property-gallery.min.js?ver=
  • estatik/common/js/magnific-popup/jquery.magnific-popup.min.js?ver=
  • estatik/common/js/slick/slick.min.js?ver=
  • estatik/common/js/jquery.form.min.js?ver=
  • estatik/common/js/jquery.validate.min.js?ver=
  • estatik/common/js/jquery.matchHeight.js?ver=
  • estatik/common/js/masonry.pkgd.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • es-price
  • es-property-gallery
  • es-listing
  • es-single-property
  • es-map-wrapper
  • es-widget-area
  • es-property-meta
  • es-property-agent
  • +5 more

HTML Comments
  • <!-- Widget Area -->
  • <!-- Estatik Custom Fields -->

Data Attributes
  • data-plugin-name="Estatik"
  • data-version="4.3.0"
  • data-plugin-path="/wp-content/plugins/estatik/"
  • data-es-currency-symbol
  • data-es-price-format
  • data-es-map-type
  • +4 more

JS Globals
  • Estatik
  • es_vars
  • es_form_vars

REST Endpoints
  • /wp-json/estatik/v1/properties
  • /wp-json/estatik/v1/locations
  • /wp-json/estatik/v1/agents

Shortcode Output
  • [estatik_property_list]
  • [estatik_property_detail]
  • [estatik_search_form]
  • [estatik_map]
FAQ

Frequently Asked Questions about Estatik Real Estate Plugin