Interactive Image – Real Estate Visualizer & Image Map Security & Risk Analysis

wordpress.org/plugins/interactive-real-estate

⚡ Create interactive images with clickable zones on svg. Display floor plans, image maps, property details and 2D/3D photos. No coding required.

20 active installs · v2.2.1 · PHP 7.4+ · WP 5.0+ · Updated Mar 10, 2026
Tags: floor-plan, hotspots, image-map, interactive-images, svg
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Interactive Image – Real Estate Visualizer & Image Map Safe to Use in 2026?

Generally Safe

Score 100/100

Interactive Image – Real Estate Visualizer & Image Map has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 24d ago
Risk Assessment

The "interactive-real-estate" v2.2.1 plugin exhibits a concerning security posture due to a significantly exposed attack surface. While the code demonstrates good practices in SQL query handling and output escaping, the lack of authentication checks on a large number of AJAX handlers is a major red flag. With 48 out of 50 total entry points being unprotected AJAX endpoints, this plugin presents a substantial risk of unauthorized access and potential exploitation.

The static analysis reveals that all 8 analyzed taint flows involve unsanitized paths. Although no critical or high severity taint flows were identified, this indicates that user-supplied data could potentially be manipulated to affect application behavior or access unintended resources. The absence of nonce checks on these numerous AJAX handlers further exacerbates the risk of Cross-Site Request Forgery (CSRF) attacks, allowing attackers to trick authenticated users into performing unintended actions.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator, suggesting that past development might have prioritized security. However, the current static analysis findings, particularly the unprotected AJAX handlers and unsanitized taint flows, suggest that this positive history may not reflect the current state of the plugin. The plugin's strengths lie in its proper use of prepared statements for SQL and robust output escaping, but these are overshadowed by the critical weaknesses in access control for its primary entry points.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • Missing nonce checks on AJAX
  • Bundled outdated library
Vulnerabilities
None known

Interactive Image – Real Estate Visualizer & Image Map Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Interactive Image – Real Estate Visualizer & Image Map Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (9 prepared)
Unescaped Output: 1 (230 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 9 total queries

Output Escaping

100% escaped · 231 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

8 flows · 8 with unsanitized paths
irep_add_flat_custom_fields (includes\controllers\Flat.php:588)
Attack Surface
48 unprotected

Interactive Image – Real Estate Visualizer & Image Map Attack Surface

Entry Points: 50
Unprotected: 48

AJAX Handlers 48

auth wp_ajax_irep_get_blocks includes\controllers\Block.php:345
auth wp_ajax_irep_create_block includes\controllers\Block.php:346
auth wp_ajax_irep_update_block includes\controllers\Block.php:347
auth wp_ajax_irep_delete_block includes\controllers\Block.php:348
auth wp_ajax_irep_export includes\controllers\DataImportExport.php:284
auth wp_ajax_irep_import includes\controllers\DataImportExport.php:285
auth wp_ajax_irep_get_flats includes\controllers\Flat.php:618
auth wp_ajax_irep_create_flat includes\controllers\Flat.php:619
auth wp_ajax_irep_update_flat includes\controllers\Flat.php:620
auth wp_ajax_irep_delete_flat includes\controllers\Flat.php:621
auth wp_ajax_irep_add_flat_custom_fields includes\controllers\Flat.php:622
auth wp_ajax_irep_get_flat_fields includes\controllers\Flat.php:623
auth wp_ajax_irep_change_flat_status includes\controllers\Flat.php:624
auth wp_ajax_irep_change_flat_config includes\controllers\Flat.php:625
auth wp_ajax_irep_get_floors includes\controllers\Floor.php:407
auth wp_ajax_irep_create_floor includes\controllers\Floor.php:408
auth wp_ajax_irep_update_floor includes\controllers\Floor.php:409
auth wp_ajax_irep_delete_floor includes\controllers\Floor.php:410
auth wp_ajax_irep_add_table_fields includes\controllers\GeneralController.php:34
auth wp_ajax_irep_get_table_fields includes\controllers\GeneralController.php:35
auth wp_ajax_irep_add_table_contact_url includes\controllers\GeneralController.php:37
auth wp_ajax_irep_get_table_contact_url includes\controllers\GeneralController.php:38
auth wp_ajax_irep_change_table_one_column includes\controllers\GeneralController.php:40
auth wp_ajax_irep_get_table_one_column includes\controllers\GeneralController.php:41
auth wp_ajax_irep_get_meta includes\controllers\Meta.php:263
auth wp_ajax_irep_create_or_update_meta includes\controllers\Meta.php:264
auth wp_ajax_irep_get_custom_status_types includes\controllers\Meta.php:317
auth wp_ajax_irep_update_custom_status_types includes\controllers\Meta.php:318
auth wp_ajax_irep_get_projects includes\controllers\Project.php:289
auth wp_ajax_irep_create_project includes\controllers\Project.php:290
auth wp_ajax_irep_update_project includes\controllers\Project.php:291
auth wp_ajax_irep_delete_project includes\controllers\Project.php:292
auth wp_ajax_irep_get_reservations includes\controllers\Reservation.php:230
auth wp_ajax_irep_create_reservation includes\controllers\Reservation.php:231
nopriv wp_ajax_irep_create_reservation includes\controllers\Reservation.php:232
auth wp_ajax_irep_delete_reservation includes\controllers\Reservation.php:233
nopriv wp_ajax_irep_get_shortcode_data includes\controllers\ShortCodeApi.php:228
auth wp_ajax_irep_get_shortcode_data includes\controllers\ShortCodeApi.php:229
auth wp_ajax_irep_get_tooltip includes\controllers\Tooltip.php:293
auth wp_ajax_irep_create_tooltip includes\controllers\Tooltip.php:294
auth wp_ajax_irep_update_tooltip includes\controllers\Tooltip.php:295
auth wp_ajax_irep_delete_tooltip includes\controllers\Tooltip.php:296
auth wp_ajax_irep_get_types includes\controllers\Type.php:334
auth wp_ajax_irep_create_type includes\controllers\Type.php:335
auth wp_ajax_irep_update_type includes\controllers\Type.php:336
auth wp_ajax_irep_delete_type includes\controllers\Type.php:337
auth wp_ajax_irep_get_nonce includes\shortcodes.php:129
nopriv wp_ajax_irep_get_nonce includes\shortcodes.php:130

Shortcodes 2

[irep_project] includes\shortcodes.php:68
[irep_flats] includes\shortcodes.php:118
WordPress Hooks 9
action init includes\ajaxWhiteList.php:7
action plugins_loaded includes\init.php:8
action admin_menu includes\init.php:31
action admin_enqueue_scripts includes\init.php:140
filter script_loader_tag includes\init.php:164
filter admin_footer_text includes\init.php:177
filter update_footer includes\init.php:190
action wp_enqueue_scripts includes\shortcodes.php:35
action init interactive-real-estate.php:53
Maintenance & Trust

Interactive Image – Real Estate Visualizer & Image Map Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 20
Developer Profile

Interactive Image – Real Estate Visualizer & Image Map Developer Profile

Esaia

2 plugins · 30 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Interactive Image – Real Estate Visualizer & Image Map

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/interactive-real-estate/dist-module/assets/index.js
/wp-content/plugins/interactive-real-estate/dist-module/assets/index.css
Script Paths
/wp-content/plugins/interactive-real-estate/dist-module/assets/index.js
Version Parameters
/wp-content/plugins/interactive-real-estate/dist-module/assets/index.js?ver=
/wp-content/plugins/interactive-real-estate/dist-module/assets/index.css?ver=

HTML / DOM Fingerprints

CSS Classes
irep-app
Data Attributes
data-ire-plugin
JS Globals
irePlugin
Shortcode Output
[interactive_real_estate]
FAQ

Frequently Asked Questions about Interactive Image – Real Estate Visualizer & Image Map