SimplyRETS Real Estate IDX Security & Risk Analysis

wordpress.org/plugins/simply-rets

Show your MLS listings on your website, simply! We make it easy to add your listings to your website with full control. Contact us to get started today.

300 active installs · v3.2.5 · PHP + · WP 3.0.1+ · Updated Apr 10, 2026
Tags: idx, mls, real-estate, reso-web-api, rets
98
A · Safe
CVEs total: 3
Unpatched: 0
Last CVE: Apr 1, 2025
Safety Verdict

Is SimplyRETS Real Estate IDX Safe to Use in 2026?

Generally Safe

Score 98/100

SimplyRETS Real Estate IDX has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

3 known CVEs · Last CVE: Apr 1, 2025 · Updated 1mo ago
Risk Assessment

The "simply-rets" v3.2.1 plugin exhibits a mixed security posture. It demonstrates good practices in some areas, such as using prepared statements for all SQL queries and escaping a high percentage of its output, but significant concerns remain. Two AJAX handlers without authentication checks present a notable attack vector, as do the limited capability and nonce checks across its entry points. The plugin's vulnerability history is particularly concerning, with three known medium-severity CVEs, one of which remains unpatched. The recurring vulnerability types, CSRF and Cross-site Scripting, suggest ongoing issues with input handling and authorization.

Overall, the plugin has strengths in its SQL handling and output escaping, but the unpatched vulnerability and unprotected AJAX handlers introduce substantial risk. The history of CSRF and XSS vulnerabilities points to a need for more robust input validation and authorization mechanisms. The limited taint analysis results are positive but do not negate the existing known vulnerabilities and structural weaknesses identified in the static analysis. A user of this plugin should be aware of the unpatched vulnerability and the potential for attacks targeting the unprotected AJAX endpoints.

Key Concerns

  • Unpatched CVEs
  • AJAX handlers without auth checks
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
3 published

SimplyRETS Real Estate IDX Security Vulnerabilities

CVEs by Year

3 CVEs in 2025

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-31011 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SimplyRETS Real Estate IDX <= 3.2.2 - Reflected Cross-Site Scripting

Apr 1, 2025 · Patched in 3.2.3 (380d)

CVE-2025-31010 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

SimplyRETS Real Estate IDX <= 3.0.5 - Cross-Site Request Forgery

Mar 27, 2025 · Patched in 3.1.0 (218d)

CVE-2024-12491 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SimplyRETS Real Estate IDX <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 8, 2025 · Patched in 3.0.0 (16d)

Code Analysis
Analyzed Mar 16, 2026

SimplyRETS Real Estate IDX Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (405 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

91% escaped · 444 total outputs
Attack Surface
2 unprotected

SimplyRETS Real Estate IDX Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers 2

nopriv wp_ajax_update_int_map_data simply-rets-maps.php:19
auth wp_ajax_update_int_map_data simply-rets-maps.php:24

Shortcodes 6

[sr_residential] simply-rets.php:46
[sr_listings] simply-rets.php:47
[sr_openhouses] simply-rets.php:48
[sr_search_form] simply-rets.php:49
[sr_listings_slider] simply-rets.php:50
[sr_map_search] simply-rets.php:51

WordPress Hooks 26

action wp_loaded simply-rets-admin.php:15
action admin_notices simply-rets-admin.php:16
action wp_head simply-rets-maps.php:14
action init simply-rets-post-pages.php:15
action init simply-rets-post-pages.php:16
filter comments_template simply-rets-post-pages.php:17
filter single_template simply-rets-post-pages.php:18
filter the_content simply-rets-post-pages.php:19
filter the_posts simply-rets-post-pages.php:20
action add_meta_boxes simply-rets-post-pages.php:21
action add_meta_boxes simply-rets-post-pages.php:22
action save_post simply-rets-post-pages.php:23
action save_post simply-rets-post-pages.php:24
action admin_init simply-rets-post-pages.php:25
action admin_enqueue_scripts simply-rets-post-pages.php:26
action sr_update_adv_search_meta_action simply-rets-post-pages.php:29
filter rewrite_rules_array simply-rets-post-pages.php:31
action init simply-rets-shortcode.php:16
filter mce_external_plugins simply-rets-shortcode.php:27
filter mce_buttons simply-rets-shortcode.php:28
action admin_init simply-rets.php:42
action admin_menu simply-rets.php:43
action widgets_init simply-rets.php:53
action wp_enqueue_scripts simply-rets.php:54
action wp_enqueue_scripts simply-rets.php:55
filter query_vars simply-rets.php:56

Scheduled Events 1

sr_update_adv_search_options_action
Maintenance & Trust

SimplyRETS Real Estate IDX Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 10, 2026
PHP min version
Downloads: 43K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 300
Developer Profile

SimplyRETS Real Estate IDX Developer Profile

ReichertBrothers

1 plugin · 300 total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 205 days
Detection Fingerprints

How We Detect SimplyRETS Real Estate IDX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simply-rets/assets/css/simply-rets-client.css
/wp-content/plugins/simply-rets/assets/js/simply-rets-client.js

Script Paths
/wp-content/plugins/simply-rets/assets/js/simply-rets-client.js

Version Parameters
simply-rets/assets/css/simply-rets-client.css?ver=
simply-rets/assets/js/simply-rets-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
sr-listings-wrapper
sr-search-form-wrapper
sr-map-wrapper
sr-listing-slider-wrapper
sr-listing-item

HTML Comments
<!-- Filter Results on This Page -->
<!-- Page Template -->
<!-- TODO: load css/js only on sr-listings post type pages when admin -->
<!-- and move these into a constructor -->
+2 more

Data Attributes
data-sr-listing-id
data-sr-listing-agent-id
data-sr-listing-type
data-sr-listing-price

JS Globals
SimplyRetsClient

Shortcode Output
[sr_residential]
[sr_listings]
[sr_openhouses]
[sr_search_form]