Listings for Appfolio Security & Risk Analysis

wordpress.org/plugins/listings-for-appfolio

This plugin gets your Appfolio property listings and displays them in an interactive way rather than using an iframe, and gives you styling freedom.

200 active installs · v1.3.3 · PHP 7.4+ · WP 6.0+ · Updated Feb 14, 2026
Tags: appfolio, appfolio-integration, listings, property-listings
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 3, 2025
Safety Verdict

Is Listings for Appfolio Safe to Use in 2026?

Generally Safe

Score 99/100

Listings for Appfolio has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVE · Last CVE: Feb 3, 2025 · Updated 3mo ago
Risk Assessment

The "listings-for-appfolio" plugin version 1.3.3 exhibits a generally positive security posture, with several strong practices in place. The absence of critical or high-severity taint flows and the exclusive use of prepared statements for SQL queries are notable strengths. Additionally, the plugin demonstrates an awareness of security by implementing nonce and capability checks on entry points, and all identified AJAX handlers and REST API routes are protected.

However, there are areas for improvement. The relatively low percentage of properly escaped output (43%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, which could be exploited if malicious input is not adequately sanitized before rendering. The presence of file operations and external HTTP requests, while not inherently insecure, represents a potential attack vector if these are not carefully implemented and validated.

The vulnerability history indicates a past medium-severity Cross-Site Request Forgery (CSRF) vulnerability, which has since been patched. While the absence of currently unpatched vulnerabilities is positive, the previous CSRF issue highlights the importance of continuous security monitoring and testing. Overall, the plugin has a decent foundation but requires attention to output escaping to mitigate potential XSS risks.

Key Concerns

  • Low output escaping rate (43%)
  • Medium severity vulnerability in history
Vulnerabilities
1 published

Listings for Appfolio Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-22658 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

Listings for Appfolio <= 1.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Feb 3, 2025 Patched in 1.2.1 (10d)
Version History

Listings for Appfolio Release Timeline

v1.3.3 (Current)
v1.3.2
v1.3.1
v1.3.0
Code Analysis
Analyzed Mar 16, 2026

Listings for Appfolio Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 16 (12 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

43% escaped · 28 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

4 flows
apfl_config_callback (admin\settings.php:8)
Attack Surface

Listings for Appfolio Attack Surface

Entry Points: 3
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_apfl_get_lstng_detail · inc\functions-front.php:8
  • nopriv · wp_ajax_apfl_get_lstng_detail · inc\functions-front.php:9

Shortcodes: 1

  • [apfl_listings] · appfolio-listings.php:34

WordPress Hooks: 4

  • action · init · appfolio-listings.php:20
  • action · wp_enqueue_scripts · appfolio-listings.php:37
  • action · admin_enqueue_scripts · appfolio-listings.php:39
  • action · admin_menu · appfolio-listings.php:130
Maintenance & Trust

Listings for Appfolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 14, 2026
PHP min version: 7.4
Downloads: 9K

Community Trust

Rating: 88/100
Number of ratings: 20
Active installs: 200
Developer Profile

Listings for Appfolio Developer Profile

Listings for Appfolio

1 plugin · 200 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 10 days
Detection Fingerprints

How We Detect Listings for Appfolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/listings-for-appfolio/css/style.css
  • /wp-content/plugins/listings-for-appfolio/css/fa.min.css
  • /wp-content/plugins/listings-for-appfolio/js/main.js
  • /wp-content/plugins/listings-for-appfolio/js/listings.js
  • /wp-content/plugins/listings-for-appfolio/js/single.js
  • /wp-content/plugins/listings-for-appfolio/css/admin-style.css
  • /wp-content/plugins/listings-for-appfolio/js/admin.js
Script Paths
  • /wp-content/plugins/listings-for-appfolio/js/main.js
  • /wp-content/plugins/listings-for-appfolio/js/listings.js
  • /wp-content/plugins/listings-for-appfolio/js/single.js
  • /wp-content/plugins/listings-for-appfolio/js/admin.js
Version Parameters
  • listings-for-appfolio/css/style.css?ver=
  • listings-for-appfolio/css/fa.min.css?ver=
  • listings-for-appfolio/js/main.js?ver=
  • listings-for-appfolio/js/listings.js?ver=
  • listings-for-appfolio/js/single.js?ver=
  • listings-for-appfolio/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • apfl_min_rent_fltr
  • apfl_max_rent_fltr
  • apfl_fltr_field
  • apfl_bed_fltr
  • apfl_bath_fltr
  • apfl-listings-container
  • apfl-eagle-template
  • apfl_banner
  • (+6 more)
HTML Comments
<!-- * Website: http://sourceforge.net/projects/simplehtmldom/ * Additional projects: http://sourceforge.net/projects/debugobject/ * Acknowledge: Jose Solorzano (https://sourceforge.net/projects/php-html/) * * Licensed under The MIT License * See the LICENSE file in the project root for more information. * * Authors: * S.C. Chen * John Schlick * Rus Carroll * logmanoriginal * * Contributors: * Yousuke Kumakura * Vadim Voituk * Antcs * * Version Rev. 1.9.1 (291) -->
JS Globals
  • apfl_listing_obj
  • apfl_single_obj
Shortcode Output
<div id="apfl-listings-container" class="main-listings-page apfl-eagle-template" style="width: 100%; max-width: 100%;">
  <div class="apfl_banner">
    <div id="apfl_filters_wrapper" class="listing-filters">
      <select class="apfl_min_rent_fltr apfl_fltr_field"></select>
      <select class="apfl_max_rent_fltr apfl_fltr_field"></select>
      <select class="apfl_bed_fltr apfl_fltr_field">
        <option value="">Beds</option>
        <option value="1">1+</option>
        <option value="2">2+</option>
        <option value="3">3+</option>
        <option value="4">4+</option>
        <option value="5">5+</option>
      </select>
      <select class="apfl_bath_fltr apfl_fltr_field">
        <option value="">Baths</option>
        <option value="1">1+</option>
        <option value="2">2+</option>
        <option value="3">3+</option>
      </select>
    </div>
  </div>
  <div class="apfl_listings_wrapper"></div>
  <div class="apfl_listing_msg"></div>
</div>
<div class="apfl-sl-wrapper" style="width: 100%; max-width: 100%; display: none;"></div>
<div class="apfl-loading">
  <p>Loading...</p>
  <img src="https://yourwebsite.com/wp-content/plugins/listings-for-appfolio//images/loading.gif">
</div>
FAQ

Frequently Asked Questions about Listings for Appfolio