SimplyRETS Real Estate IDX Security & Risk Analysis

wordpress.org/plugins/simply-rets

Show your Real Estate listings on your website, simply! SimplyRETS makes it easy to search and display MLS listings on your WordPress website, and giv …

300 active installs · v3.2.1 · PHP + · WP 3.0.1+ · Updated Mar 12, 2026
idx, idx-plugin, mls, reso-web-api, rets
77
B · Generally Safe
CVEs total: 3
Unpatched: 1
Last CVE: Apr 1, 2025
Safety Verdict

Is SimplyRETS Real Estate IDX Safe to Use in 2026?

Mostly Safe

Score 77/100

SimplyRETS Real Estate IDX is generally safe to use. 3 past CVEs were resolved. Keep it updated.

3 known CVEs · 1 unpatched · Last CVE: Apr 1, 2025 · Updated 22d ago
Risk Assessment

The "simply-rets" v3.2.1 plugin exhibits a mixed security posture. While it demonstrates good practices in some areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns remain. The presence of two AJAX handlers without authentication checks presents a notable attack vector, as do the limited capability and nonce checks across its entry points. The plugin's vulnerability history is particularly concerning, with three known medium-severity CVEs, one of which remains unpatched. The common vulnerability types of CSRF and Cross-site Scripting suggest recurring issues with input handling and authorization.

Overall, the plugin has strengths in its SQL handling and output escaping, but the unpatched vulnerability and unprotected AJAX handlers introduce substantial risk. The history of CSRF and XSS vulnerabilities points to a need for more robust input validation and authorization mechanisms. The limited taint analysis results are positive but do not negate the existing known vulnerabilities and structural weaknesses identified in the static analysis. A user of this plugin should be aware of the unpatched vulnerability and the potential for attacks targeting the unprotected AJAX endpoints.

Key Concerns

  • Unpatched CVEs
  • AJAX handlers without auth checks
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
3

SimplyRETS Real Estate IDX Security Vulnerabilities

CVEs by Year

2025: 3 CVEs (has unpatched)

Severity Breakdown

Medium: 3

3 total CVEs

CVE-2025-31011 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SimplyRETS Real Estate IDX <= 3.1.0 - Reflected Cross-Site Scripting

Apr 1, 2025 · Unpatched
CVE-2025-31010 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

SimplyRETS Real Estate IDX <= 3.0.5 - Cross-Site Request Forgery

Mar 27, 2025 · Patched in 3.1.0 (218d)
CVE-2024-12491 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SimplyRETS Real Estate IDX <= 2.11.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 8, 2025 · Patched in 3.0.0 (16d)
Code Analysis
Analyzed Mar 16, 2026

SimplyRETS Real Estate IDX Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 39 (405 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 1
External Requests: 2
Bundled Libraries: 0

Output Escaping

91% escaped · 444 total outputs
Attack Surface
2 unprotected

SimplyRETS Real Estate IDX Attack Surface

Entry Points: 8
Unprotected: 2

AJAX Handlers 2

nopriv wp_ajax_update_int_map_data simply-rets-maps.php:19
auth wp_ajax_update_int_map_data simply-rets-maps.php:24

Shortcodes 6

[sr_residential] simply-rets.php:46
[sr_listings] simply-rets.php:47
[sr_openhouses] simply-rets.php:48
[sr_search_form] simply-rets.php:49
[sr_listings_slider] simply-rets.php:50
[sr_map_search] simply-rets.php:51
WordPress Hooks 26
action wp_loaded simply-rets-admin.php:15
action admin_notices simply-rets-admin.php:16
action wp_head simply-rets-maps.php:14
action init simply-rets-post-pages.php:15
action init simply-rets-post-pages.php:16
filter comments_template simply-rets-post-pages.php:17
filter single_template simply-rets-post-pages.php:18
filter the_content simply-rets-post-pages.php:19
filter the_posts simply-rets-post-pages.php:20
action add_meta_boxes simply-rets-post-pages.php:21
action add_meta_boxes simply-rets-post-pages.php:22
action save_post simply-rets-post-pages.php:23
action save_post simply-rets-post-pages.php:24
action admin_init simply-rets-post-pages.php:25
action admin_enqueue_scripts simply-rets-post-pages.php:26
action sr_update_adv_search_meta_action simply-rets-post-pages.php:29
filter rewrite_rules_array simply-rets-post-pages.php:31
action init simply-rets-shortcode.php:16
filter mce_external_plugins simply-rets-shortcode.php:27
filter mce_buttons simply-rets-shortcode.php:28
action admin_init simply-rets.php:42
action admin_menu simply-rets.php:43
action widgets_init simply-rets.php:53
action wp_enqueue_scripts simply-rets.php:54
action wp_enqueue_scripts simply-rets.php:55
filter query_vars simply-rets.php:56

Scheduled Events 1

sr_update_adv_search_options_action
Maintenance & Trust

SimplyRETS Real Estate IDX Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 12, 2026
PHP min version
Downloads: 42K

Community Trust

Rating: 98/100
Number of ratings: 8
Active installs: 300
Developer Profile

SimplyRETS Real Estate IDX Developer Profile

ReichertBrothers

1 plugin · 300 total installs

Trust score: 63
Avg Security Score: 77/100
Avg Patch Time: 117 days
Detection Fingerprints

How We Detect SimplyRETS Real Estate IDX

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simply-rets/assets/css/simply-rets-client.css
/wp-content/plugins/simply-rets/assets/js/simply-rets-client.js
Script Paths
/wp-content/plugins/simply-rets/assets/js/simply-rets-client.js
Version Parameters
simply-rets/assets/css/simply-rets-client.css?ver=
simply-rets/assets/js/simply-rets-client.js?ver=

HTML / DOM Fingerprints

CSS Classes
sr-listings-wrapper
sr-search-form-wrapper
sr-map-wrapper
sr-listing-slider-wrapper
sr-listing-item
HTML Comments
<!-- Filter Results on This Page -->
<!-- Page Template -->
<!-- TODO: load css/js only on sr-listings post type pages when admin -->
<!-- and move these into a constructor -->
+2 more
Data Attributes
data-sr-listing-id
data-sr-listing-agent-id
data-sr-listing-type
data-sr-listing-price
JS Globals
SimplyRetsClient
Shortcode Output
[sr_residential]
[sr_listings]
[sr_openhouses]
[sr_search_form]
FAQ

Frequently Asked Questions about SimplyRETS Real Estate IDX