Realty by BestWebSoft Security & Risk Analysis

wordpress.org/plugins/realty

Create your personal real estate WordPress website. Sell, rent and buy properties. Add, search and browse listings easily.

20 active installs · v1.1.6 · PHP + WP 5.6+ · Updated Jun 12, 2025
Tags: add-agents, add-property, agent, find-property, property-info
99
A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Nov 4, 2024
Safety Verdict

Is Realty by BestWebSoft Safe to Use in 2026?

Generally Safe

Score 99/100

Realty by BestWebSoft has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Nov 4, 2024 · Updated 9mo ago
Risk Assessment

The "realty" plugin v1.1.6 exhibits a mixed security posture. While it boasts a low number of unprotected entry points and a good percentage of properly escaped outputs, significant concerns exist regarding its use of dangerous functions and the presence of outdated bundled libraries. The static analysis reveals the use of `unserialize`, which is inherently risky if not handled with extreme caution and proper sanitization of the serialized data source. Although taint analysis did not flag any immediate unsanitized flows, the potential for serialization vulnerabilities remains a considerable risk. The vulnerability history, while currently showing no unpatched CVEs, indicates a past pattern of medium severity vulnerabilities, specifically Cross-site Scripting (XSS). This suggests a tendency for certain types of input validation or output sanitization issues to arise within this plugin.

Overall, the plugin has strengths in its limited attack surface and output escaping. However, the reliance on `unserialize` and the inclusion of an older version of Select2 present tangible risks. The historical vulnerability pattern warrants vigilance. A balanced conclusion is that while the plugin is not critically vulnerable based on the provided data, proactive measures to secure the `unserialize` function and update bundled libraries are strongly recommended to mitigate potential threats and prevent future recurrences of past vulnerability types.

Key Concerns

  • Use of dangerous function 'unserialize'
  • Bundled outdated library: Select2 v3.3.2
  • SQL queries: only 81% use prepared statements
Vulnerabilities
2

Realty by BestWebSoft Security Vulnerabilities

CVEs by Year

  • 2017: 1 CVE
  • 2024: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2024-51786 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Realty by BestWebSoft <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 4, 2024 Patched in 1.1.6 (10d)
CVE-2017-18532 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Realty by BestWebSoft < 1.1.0 - Reflected Cross-Site Scripting

Apr 17, 2017 Patched in 1.1.0 (2472d)
Code Analysis
Analyzed Mar 16, 2026

Realty by BestWebSoft Code Analysis

  • Dangerous Functions: 4
  • Raw SQL Queries: 22 (5 prepared)
  • Unescaped Output: 107 (526 escaped)
  • Nonce Checks: 19
  • Capability Checks: 3
  • File Operations: 6
  • External Requests: 6
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize · realty.php:861 · `$recent_item['property_info_photos'] = unserialize( $recent_item['property_info_photos'] ); ?>`
  • unserialize · realty.php:1075 · `$property_info['property_info_photos'] = unserialize( $property_info['property_info_photos'] );`
  • unserialize · realty.php:1841 · `$property_info['property_info_photos'] = unserialize( $property_info['property_info_photos'] ); ?>`
  • unserialize · realty.php:1896 · `$property_info['property_info_photos'] = unserialize( $property_info['property_info_photos'] );`

Bundled Libraries

Select2 v3.3.2

SQL Query Safety

19% prepared · 27 total queries

Output Escaping

83% escaped · 633 total outputs
Data Flows
All sanitized

Data Flow Analysis

6 flows
bws_add_menu_render (bws_menu\bws_menu.php:12)
Attack Surface

Realty by BestWebSoft Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers: 2

  • auth · wp_ajax_bws_submit_request_feature_action · bws_menu\class-bws-settings.php:1453
  • auth · wp_ajax_bws_submit_uninstall_reason_action · bws_menu\deactivation-form.php:433

WordPress Hooks: 40

  • filter · load_textdomain_mofile · bws_menu\bws_functions.php:37
  • filter · mce_external_plugins · bws_menu\bws_functions.php:1098
  • filter · mce_buttons · bws_menu\bws_functions.php:1099
  • action · admin_init · bws_menu\bws_functions.php:1374
  • action · admin_enqueue_scripts · bws_menu\bws_functions.php:1375
  • action · admin_head · bws_menu\bws_functions.php:1376
  • action · admin_footer · bws_menu\bws_functions.php:1377
  • action · admin_notices · bws_menu\bws_functions.php:1379
  • action · wp_enqueue_scripts · bws_menu\bws_functions.php:1381
  • action · load-post.php · realty.php:78
  • action · load-edit.php · realty.php:79
  • action · load-post-new.php · realty.php:80
  • action · load-edit-tags.php · realty.php:81
  • action · template_include · realty.php:121
  • action · init · realty.php:2047
  • action · admin_init · realty.php:2048
  • action · plugins_loaded · realty.php:2049
  • action · widgets_init · realty.php:2051
  • action · admin_menu · realty.php:2052
  • filter · manage_edit-property_columns · realty.php:2053
  • action · restrict_manage_posts · realty.php:2054
  • action · pre_get_posts · realty.php:2055
  • action · save_post · realty.php:2056
  • action · before_delete_post · realty.php:2057
  • filter · plugin_action_links · realty.php:2060
  • filter · plugin_row_meta · realty.php:2061
  • action · admin_enqueue_scripts · realty.php:2063
  • action · wp_enqueue_scripts · realty.php:2064
  • action · wp_footer · realty.php:2065
  • filter · body_class · realty.php:2067
  • filter · rewrite_rules_array · realty.php:2069
  • action · wp_loaded · realty.php:2070
  • filter · query_vars · realty.php:2071
  • filter · realty_request_uri · realty.php:2072
  • filter · paginate_links · realty.php:2073
  • filter · bwsplgns_get_pdf_print_content · realty.php:2076
  • filter · rlt_formatting_price · realty.php:2078
  • action · rlt_check_form_vars · realty.php:2079
  • action · rlt_search_nav · realty.php:2080
  • action · admin_notices · realty.php:2082
Maintenance & Trust

Realty by BestWebSoft Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Jun 12, 2025
PHP min version
Downloads: 10K

Community Trust

Rating: 68/100
Number of ratings: 5
Active installs: 20
Developer Profile

Realty by BestWebSoft Developer Profile

bestweblayout

32 plugins · 17K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 1944 days
Detection Fingerprints

How We Detect Realty by BestWebSoft

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/realty/assets/css/realty-frontend.css
  • /wp-content/plugins/realty/assets/css/responsive.css
  • /wp-content/plugins/realty/assets/js/realty-frontend.js
  • /wp-content/plugins/realty/assets/js/realty-admin.js
  • /wp-content/plugins/realty/bws_menu/css/bws_menu.css

Script Paths

  • /wp-content/plugins/realty/assets/js/realty-frontend.js
  • /wp-content/plugins/realty/assets/js/realty-admin.js

Version Parameters

  • realty/assets/css/realty-frontend.css?ver=
  • realty/assets/css/responsive.css?ver=
  • realty/assets/js/realty-frontend.js?ver=
  • realty/assets/js/realty-admin.js?ver=
  • realty/bws_menu/css/bws_menu.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • rlt_property_search_wrap
  • realty_property_single_inner
  • realty-property-listing
  • rlt-agent-single-wrap

HTML Comments

  • © Copyright 2020 BestWebSoft ( https://support.bestwebsoft.com )
  • This program is free software; you can redistribute it and/or modify
  • This program is distributed in the hope that it will be useful,
  • You should have received a copy of the GNU General Public License
  • (+7 more)

Data Attributes

  • data-rlt-search-results-map
  • data-rlt-property-map
  • data-rlt-property-id
  • data-rlt-agent-id

JS Globals

  • realty_frontend_params

REST Endpoints

  • /wp-json/realty/v1/properties
  • /wp-json/realty/v1/agents

Shortcode Output

  • [realty_property_search]
  • [realty_property_listing]
  • [realty_agent_listing]