Real Estate Manager – Property Listing and Agent Management Security & Risk Analysis

wordpress.org/plugins/real-estate-manager

A comprehensive WordPress plugin designed to create feature-rich real estate websites and portals including Agent Management System.

700 active installs · v7.3 · PHP + WP 3.5+ · Updated May 29, 2024
listings, property, real-estate, realty, wp-property
Score: 12 · F · Critical Risk
CVEs total: 9
Unpatched: 8
Last CVE: Sep 22, 2025
Safety Verdict

Is Real Estate Manager – Property Listing and Agent Management Safe to Use in 2026?

Critical Risk — Avoid

Score 12/100

Real Estate Manager – Property Listing and Agent Management is critically unsafe with 9 known CVEs, 8 still unpatched. Avoid in production.

9 known CVEs · 8 unpatched · Last CVE: Sep 22, 2025 · Updated 1yr ago
Risk Assessment

The real-estate-manager plugin v7.3 presents a concerning security posture, despite some positive aspects. While SQL queries are correctly prepared and a good portion of output is escaped, the presence of 11 unprotected AJAX handlers and a dangerous `unserialize` function are significant red flags. The taint analysis, while not flagging critical or high severity unsanitized paths, still shows 7 flows with unsanitized paths, indicating potential areas for exploitation if combined with other weaknesses.

The plugin's vulnerability history is a major area of concern. With 9 known CVEs, 8 of which are unpatched, including 2 critical and 2 high severity vulnerabilities, the risk is elevated. The types of past vulnerabilities (XSS, CSRF, Code Injection, RFI, guessable CAPTCHA, privilege escalation) suggest a pattern of insecure coding practices that could be exploited to compromise sites using this plugin. The recent vulnerability in September 2025 further underscores the ongoing struggle to maintain security. Overall, the plugin has a poor security track record and significant unaddressed vulnerabilities, making it a high-risk component for any WordPress installation.

Key Concerns

  • Unpatched Critical Vulnerabilities
  • Unpatched High Severity Vulnerabilities
  • Unpatched Medium Severity Vulnerabilities
  • Unprotected AJAX Handlers
  • Dangerous Function: unserialize
  • Flows with unsanitized paths
  • Output escaping not fully proper
  • Bundled library: Select2
Vulnerabilities
9

Real Estate Manager – Property Listing and Agent Management Security Vulnerabilities

CVEs by Year

1 CVE in 2019
1 CVE in 2023 · unpatched
7 CVEs in 2025 · unpatched

Severity Breakdown

Critical: 2
High: 2
Medium: 5

9 total CVEs

CVE-2025-58253 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Estate Manager <= 7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched

CVE-2025-52825 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Real Estate Manager <= 7.3 - Cross-Site Request Forgery

Jun 19, 2025 · Unpatched

CVE-2025-50044 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Real Estate Manager <= 7.3 - Cross-Site Request Forgery

Jun 19, 2025 · Unpatched

CVE-2025-32596 · critical · 9.8 · Improper Control of Generation of Code ('Code Injection')

Real Estate Manager <= 7.3 - Unauthenticated Remote Code Execution

Apr 15, 2025 · Unpatched

CVE-2025-32668 · critical · 9.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Real Estate Manager <= 7.3 - Unauthenticated Local File Inclusion

Apr 9, 2025 · Unpatched

CVE-2025-32150 · high · 8.8 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Real Estate Manager <= 7.3 - Authenticated (Contributor+) Local File Inclusion

Apr 4, 2025 · Unpatched

CVE-2025-22645 · medium · 5.3 · Guessable CAPTCHA

Real Estate Manager – Property Listing and Agent Management <= 7.3 - CAPTCHA Bypass

Feb 3, 2025 · Unpatched

CVE-2023-4239 · high · 8.8 · Improper Privilege Management

Real Estate Manager <= 7.2 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation

Aug 8, 2023 · Unpatched

WF-fc06ba09-9562-4d97-90ff-5464399feced-real-estate-manager · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Real Estate Manager – Property Listing and Agent Management <= 6.8 - Cross-Site Scripting

Jun 13, 2019 · Patched in 7.0 (1759d)
Code Analysis
Analyzed Mar 16, 2026

Real Estate Manager – Property Listing and Agent Management Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 378 (1643 escaped)
Nonce Checks: 24
Capability Checks: 14
File Operations: 0
External Requests: 4
Bundled Libraries: 1

Dangerous Functions Found

unserialize · $page_custom_width = (isset($metabox_data['_uncode_specific_layout_width_custom'][0])) ? unserialize · templates\single\Uncode.php:74

Bundled Libraries

Select2

Output Escaping

81% escaped · 2021 total outputs
Data Flows
7 unsanitized

Data Flow Analysis

14 flows · 7 with unsanitized paths
rem_user_login_check (classes\shortcodes.class.php:1649)
Attack Surface
11 unprotected

Real Estate Manager – Property Listing and Agent Management Attack Surface

Entry Points: 45
Unprotected: 11

AJAX Handlers 25

auth wp_ajax_rem_compare_properties classes\hooks.class.php:26
nopriv wp_ajax_rem_compare_properties classes\hooks.class.php:27
auth wp_ajax_wcp_rem_save_settings classes\setup.class.php:65
auth wp_ajax_rem_save_bulk_edit classes\setup.class.php:68
auth wp_ajax_rem_contact_agent classes\setup.class.php:71
nopriv wp_ajax_rem_contact_agent classes\setup.class.php:72
auth wp_ajax_rem_get_states classes\setup.class.php:75
nopriv wp_ajax_rem_get_states classes\setup.class.php:76
auth wp_ajax_deny_agent classes\setup.class.php:79
auth wp_ajax_approve_agent classes\setup.class.php:80
auth wp_ajax_rem_create_pages_auto classes\setup.class.php:83
auth wp_ajax_wcp_rem_save_custom_agent_fields classes\setup.class.php:92
auth wp_ajax_wcp_rem_reset_custom_agent_fields classes\setup.class.php:93
nopriv wp_ajax_rem_user_login classes\shortcodes.class.php:48
auth wp_ajax_rem_create_pro_ajax classes\shortcodes.class.php:51
auth wp_ajax_rem_save_profile_front classes\shortcodes.class.php:54
auth wp_ajax_rem_search_property classes\shortcodes.class.php:57
nopriv wp_ajax_rem_search_property classes\shortcodes.class.php:58
auth wp_ajax_rem_search_autocomplete classes\shortcodes.class.php:61
nopriv wp_ajax_rem_search_autocomplete classes\shortcodes.class.php:62
auth wp_ajax_rem_list_properties_ajax classes\shortcodes.class.php:65
nopriv wp_ajax_rem_list_properties_ajax classes\shortcodes.class.php:66
nopriv wp_ajax_rem_agent_register classes\shortcodes.class.php:69
auth wp_ajax_rem_delete_property classes\shortcodes.class.php:72
auth wp_ajax_rem_change_password classes\shortcodes.class.php:75

Shortcodes 20

[rem_register_agent] classes\shortcodes.class.php:14
[rem_search_property] classes\shortcodes.class.php:15
[rem_search_property_inline] classes\shortcodes.class.php:16
[rem_agent_login] classes\shortcodes.class.php:17
[rem_create_property] classes\shortcodes.class.php:18
[rem_edit_property] classes\shortcodes.class.php:19
[rem_list_properties] classes\shortcodes.class.php:20
[rem_search_results] classes\shortcodes.class.php:21
[rem_carousel] classes\shortcodes.class.php:22
[rem_maps] classes\shortcodes.class.php:23
[rem_agents_map] classes\shortcodes.class.php:24
[rem_agent_profile] classes\shortcodes.class.php:25
[rem_my_profile] classes\shortcodes.class.php:26
[rem_agent_edit] classes\shortcodes.class.php:27
[rem_property] classes\shortcodes.class.php:28
[rem_list_agents] classes\shortcodes.class.php:29
[rem_agent_logout] classes\shortcodes.class.php:30
[rem_categories] classes\shortcodes.class.php:31
[rem_change_password] classes\shortcodes.class.php:32
[rem_property_field] classes\shortcodes.class.php:33
WordPress Hooks 109

filter block_categories_all classes\blocks.class.php:9
action enqueue_block_editor_assets classes\blocks.class.php:10
action init classes\blocks.class.php:11
filter rem_gutenberg_blocks classes\blocks.class.php:12
action rem_new_agent_register classes\emails.class.php:10
action rem_new_agent_approved classes\emails.class.php:11
action rem_new_agent_rejected classes\emails.class.php:12
action rem_new_property_submitted classes\emails.class.php:13
action rem_new_property_approved classes\emails.class.php:14
action rem_agent_picture classes\hooks.class.php:10
action rem_single_agent_after_contact_form classes\hooks.class.php:11
action agent_page_location classes\hooks.class.php:12
action agent_page_contact_form classes\hooks.class.php:13
action rem_contact_social_icons classes\hooks.class.php:14
action rem_single_property_agent classes\hooks.class.php:15
action rem_property_box_agent_info classes\hooks.class.php:17
action rem_property_box classes\hooks.class.php:18
action rem_agent_box classes\hooks.class.php:19
action rem_property_details_icons classes\hooks.class.php:20
action rem_property_picture classes\hooks.class.php:21
action rem_listing_footer classes\hooks.class.php:22
action rem_property_box_address classes\hooks.class.php:23
action wp_footer classes\hooks.class.php:24
action transition_post_status classes\hooks.class.php:30
filter rem_property_features classes\hooks.class.php:33
filter rem_property_types classes\hooks.class.php:34
filter rem_property_purposes classes\hooks.class.php:35
filter rem_property_statuses classes\hooks.class.php:36
filter rem_maps_location_icon classes\hooks.class.php:37
filter rem_maps_drag_icon classes\hooks.class.php:38
filter rem_maps_api classes\hooks.class.php:39
action rem_single_property_page_slider classes\hooks.class.php:42
action rem_single_property_page_title classes\hooks.class.php:43
action rem_single_property_page_contents classes\hooks.class.php:44
action rem_single_property_page_sections classes\hooks.class.php:45
action rem_single_property_page_features classes\hooks.class.php:46
action rem_single_property_page_map classes\hooks.class.php:47
action rem_single_property_page_tags classes\hooks.class.php:48
action rem_single_property_page_edit classes\hooks.class.php:49
action rem_single_property_page_childs classes\hooks.class.php:50
action rem_pagination classes\hooks.class.php:53
filter get_the_archive_title classes\hooks.class.php:56
action pre_get_posts classes\hooks.class.php:57
filter plugin_row_meta classes\hooks.class.php:58
filter manage_rem_property_posts_columns classes\hooks.class.php:60
action manage_rem_property_posts_custom_column classes\hooks.class.php:61
action rem_agent_contact_before_submit classes\hooks.class.php:64
filter rem_redirect_after_property_submit classes\hooks.class.php:67
filter rem_redirect_after_property_edit classes\hooks.class.php:70
filter ajax_query_attachments_args classes\hooks.class.php:73
filter user_has_cap classes\hooks.class.php:74
action rem_property_ribbon classes\hooks.class.php:77
filter wpex_post_layout_class classes\hooks.class.php:80
filter rem_property_icons classes\hooks.class.php:83
filter rem_property_fields_cols classes\hooks.class.php:86
filter rem_after_admin_tab_property_details classes\hooks.class.php:89
action pre_user_query classes\hooks.class.php:92
action rem_max_container_width classes\hooks.class.php:95
action rem_agent_contact_before_submit classes\hooks.class.php:98
action rem_single_property_agent classes\hooks.class.php:101
filter rem_single_property_sections classes\hooks.class.php:105
filter rem_property_settings_fields classes\hooks.class.php:106
filter rem_single_property_field_columns_frontend classes\hooks.class.php:107
filter rem_single_property_inside_energy_efficiency classes\hooks.class.php:108
filter rem_create_property_before_submit classes\hooks.class.php:112
filter rem_edit_property_before_submit classes\hooks.class.php:113
filter admin_print_footer_scripts classes\hooks.class.php:114
filter wp_insert_post_data classes\hooks.class.php:115
action init classes\setup.class.php:17
action admin_menu classes\setup.class.php:18
action admin_enqueue_scripts classes\setup.class.php:19
action wp_enqueue_scripts classes\setup.class.php:20
action save_post classes\setup.class.php:21
action save_post classes\setup.class.php:22
action add_meta_boxes classes\setup.class.php:23
action admin_init classes\setup.class.php:24
action show_user_profile classes\setup.class.php:27
action edit_user_profile classes\setup.class.php:28
action personal_options_update classes\setup.class.php:31
action edit_user_profile_update classes\setup.class.php:32
action quick_edit_custom_box classes\setup.class.php:35
action bulk_edit_custom_box classes\setup.class.php:36
filter post_updated_messages classes\setup.class.php:39
filter template_include classes\setup.class.php:40
action plugins_loaded classes\setup.class.php:46
filter wp_dropdown_users classes\setup.class.php:49
filter load-options-permalink.php classes\setup.class.php:52
action rem_property_cat_add_form_fields classes\setup.class.php:55
action created_rem_property_cat classes\setup.class.php:56
action rem_property_cat_edit_form_fields classes\setup.class.php:57
action edited_rem_property_cat classes\setup.class.php:58
filter manage_rem_property_posts_columns classes\setup.class.php:86
action manage_rem_property_posts_custom_column classes\setup.class.php:87
action manage_edit-rem_property_sortable_columns classes\setup.class.php:88
action restrict_manage_posts classes\setup.class.php:89
filter parse_query classes\setup.class.php:90
action after_setup_theme classes\setup.class.php:94
filter mce_buttons classes\setup.class.php:95
filter use_block_editor_for_post_type classes\setup.class.php:96
action page_attributes_misc_attributes classes\setup.class.php:99
action vc_before_init classes\shortcodes.class.php:38
action et_builder_ready classes\shortcodes.class.php:39
action elementor/elements/categories_registered classes\shortcodes.class.php:40
action elementor/widgets/register classes\shortcodes.class.php:41
action widgets_init classes\widgets\ajax-search-properties.php:156
action widgets_init classes\widgets\mortgage-calculator.php:87
action widgets_init classes\widgets\recent-properties.php:126
action widgets_init classes\widgets\search-properties.php:288
action widgets_init classes\widgets\tags-cloud.php:57
Maintenance & Trust

Real Estate Manager – Property Listing and Agent Management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: May 29, 2024
PHP min version
Downloads: 41K

Community Trust

Rating: 98/100
Number of ratings: 37
Active installs: 700
Developer Profile

Real Estate Manager – Property Listing and Agent Management Developer Profile

Rameez Iqbal

1 plugin · 700 total installs

Trust score: 17
Avg Security Score: 12/100
Avg Patch Time: 1759 days
Detection Fingerprints

How We Detect Real Estate Manager – Property Listing and Agent Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/real-estate-manager/assets/admin/css/bootstrap.min.css
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/login-agent.js
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/register-agent.js
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/simple-search.js

Script Paths
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/login-agent.js
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/register-agent.js
/wp-content/plugins/real-estate-manager/assets/admin/js/blocks/simple-search.js

Version Parameters
real-estate-manager/assets/admin/js/blocks/login-agent.js?ver=
real-estate-manager/assets/admin/js/blocks/register-agent.js?ver=
real-estate-manager/assets/admin/js/blocks/simple-search.js?ver=

HTML / DOM Fingerprints

CSS Classes
rem-gutenberg-blocks

Data Attributes
data-block="real-estate-manager/login-agent"
data-block="real-estate-manager/register-agent"
data-block="real-estate-manager/simple-search"

JS Globals
rem_gutenberg_blocks
rem_get_option

Shortcode Output
[login-agent]
[register-agent]
[simple-search]