Does Realtor Express have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Realtor Express compatible with WordPress 3.5.2?

According to WordPress.org data, Realtor Express 1.0.4 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Realtor Express updated?

Realtor Express was last updated on Dec 16, 2012. Frequent updates are generally a positive security signal.

What is Realtor Express's security score?

Realtor Express has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Realtor Express Security & Risk Analysis

wordpress.org/plugins/realtor-express

Easy, fast, and simple listings management for realtors.

10 active installs v1.0.4 PHP + WP 3.0+ Updated Dec 16, 2012

listingspropertyreal-estaterealtor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Realtor Express Safe to Use in 2026?

Generally Safe

Score 85/100

Realtor Express has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

The "realtor-express" plugin v1.0.4 demonstrates a generally strong security posture, primarily due to its diligent use of prepared statements for all SQL queries and a high percentage of properly escaped output. The absence of known CVEs and unpatched vulnerabilities, along with no critical or high severity taint flows, further contribute to a positive security assessment. The plugin also incorporates nonce and capability checks, indicating an awareness of common WordPress security practices.

However, the static analysis reveals two instances of the `unserialize` function, which is a significant concern. Unsanitized data passed to `unserialize` can lead to Remote Code Execution (RCE) vulnerabilities if an attacker can control the serialized data. While no specific flows with unsanitized paths were identified in the taint analysis, the mere presence of `unserialize` without explicit sanitization logic presents a potential risk. The attack surface is relatively small and all identified entry points (shortcodes) are reported as unprotected, meaning they do not have explicit authorization checks. This, combined with the `unserialize` risk, suggests a need for careful review of how data is handled by these shortcodes.

In conclusion, while "realtor-express" v1.0.4 exhibits good practices in many areas, the identified use of `unserialize` and the lack of authorization checks on its shortcodes represent notable weaknesses. The plugin's clean vulnerability history is encouraging, but the potential risks introduced by the `unserialize` function warrant attention to ensure secure data handling and prevent future exploitability.

Key Concerns

Use of unserialize function
Shortcodes without explicit auth checks

Vulnerabilities

None known

Realtor Express Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Realtor Express Release Timeline

v1.0.4Current

v1.0.3

v1.0.2

v1.0.1

v1.0

Code Analysis

Analyzed Apr 16, 2026

Realtor Express Code Analysis

Dangerous Functions

Raw SQL Queries

10 prepared

Unescaped Output

159 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializereturn unserialize( $result );models/RexListing.php:232

unserialize$unserialized = unserialize( $listing->location );models/RexListing.php:322

SQL Query Safety

100% prepared10 total queries

Output Escaping

81% escaped196 total outputs

Data Flows · Security

All sanitized

Data Flow Analysis

3 flows

<RexGalleryServer> (includes/RexGalleryServer.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Realtor Express Attack Surface

Entry Points5

Unprotected0

Shortcodes 5

[rex_gallery] includes/RexInit.php:163

[rex_map] includes/RexInit.php:164

[rex_multi_map] includes/RexInit.php:165

[rex_details] includes/RexInit.php:166

[rex_listings] includes/RexInit.php:167

WordPress Hooks 18

actioninitincludes/RexApp.php:17

actioninitincludes/RexApp.php:20

actioninitincludes/RexApp.php:23

actionplugins_loadedincludes/RexApp.php:29

actioninitincludes/RexApp.php:32

actionwidgets_initincludes/RexApp.php:35

actionwp_enqueue_scriptsincludes/RexApp.php:38

actionadmin_enqueue_scriptsincludes/RexApp.php:39

actioninitincludes/RexApp.php:42

actionadd_meta_boxesincludes/RexApp.php:45

actionsave_postincludes/RexApp.php:46

actiondelete_postincludes/RexApp.php:47

actionadmin_menuincludes/RexApp.php:50

actionadmin_menuincludes/RexApp.php:53

filterposts_joinincludes/RexApp.php:66

filterposts_whereincludes/RexApp.php:67

filterthe_postsincludes/RexApp.php:68

filterthe_postsincludes/RexApp.php:69

Maintenance & Trust

Realtor Express Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedDec 16, 2012

PHP min version

Downloads4K

Community Trust

Rating20/100

Number of ratings2

Active installs10

Alternatives

Realtor Express Alternatives

WPCasa

wpcasa

Flexible WordPress plugin to create professional real estate websites and manage property listings with ease.

1K 4 CVEs

Spacento – Property listings for Real estate agents

spacento

Create real estate listings website. Add property, get leads.

0 No CVEs

Essential Real Estate

essential-real-estate

Completely plugins Real Estate. Management system which allows you to own and maintain a real estate marketplace, intro website.

8K 3 unpatched

Easy Property Listings

easy-property-listings

Fast. Flexible. Forward-thinking solution for real estate agents using WordPress. Built for scale, listing management and works with any theme.

5K 8 CVEs

Diverse Solutions IDX Real Estate Listings & MLS Search

dsidxpress

100

Easily add mobile and SEO-friendly MLS listings to your website to attract & engage visitors, plus lead capture tools to turn them into clients.

1K 1 CVE

Developer Profile

Realtor Express Developer Profile

amitai

2 plugins · 20 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Realtor Express

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/realtor-express/css/style.css/wp-content/plugins/realtor-express/css/admin_style.css/wp-content/plugins/realtor-express/js/rex.js/wp-content/plugins/realtor-express/js/admin_rex.js/wp-content/plugins/realtor-express/js/gmap.js/wp-content/plugins/realtor-express/plugins/lightbox/js/lightbox.js/wp-content/plugins/realtor-express/plugins/lightbox/css/lightbox.css

Script Paths

https://maps.googleapis.com/maps/api/js?sensor=false

Version Parameters

realtor-express/css/style.css?ver=realtor-express/css/admin_style.css?ver=realtor-express/js/rex.js?ver=realtor-express/js/admin_rex.js?ver=realtor-express/js/gmap.js?ver=realtor-express/plugins/lightbox/js/lightbox.js?ver=realtor-express/plugins/lightbox/css/lightbox.css?ver=

HTML / DOM Fingerprints

CSS Classes

rex-listing-metarex-listing-imagesrex-listing-descriptionrex-listing-addressrex-listing-pricerex-listing-bedroomsrex-listing-bathroomsrex-listing-area+4 more

Data Attributes

data-rex-listing-id

JS Globals

REX_PLUGIN_URLrex

FAQ