WP-Safety

WP Immo Security & Risk Analysis

wordpress.org/plugins/wp-immo

This plugin allow you to manage properties in WordPress.

10 active installs v1.1.4 PHP + WP 3.6+ Updated Jan 26, 2022
real-estate-software
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is WP Immo Safe to Use in 2026?

Generally Safe

Score 85/100

WP Immo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "wp-immo" v1.1.4 plugin exhibits a mixed security posture. While it has no recorded historical vulnerabilities, indicating a potentially stable development history, the static analysis reveals significant areas of concern. The plugin has a small but concerning attack surface, with 2 AJAX handlers, both of which lack authentication checks. This immediately exposes them to unauthorized execution, a critical weakness. Furthermore, the taint analysis indicates 5 out of 6 flows have unsanitized paths, though none reached critical or high severity. This suggests a potential for input validation issues that could be exploited if they were to lead to more severe consequences. The low percentage of properly escaped output (19%) is also a worrying sign, increasing the risk of cross-site scripting (XSS) vulnerabilities, especially when combined with unsanitized input paths. While the plugin avoids dangerous functions and has no bundled libraries, the lack of robust authentication on AJAX endpoints and the prevalence of unsanitized paths present immediate risks that outweigh the absence of known CVEs.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths (5/6)
  • Low percentage of properly escaped output
Vulnerabilities
None known

WP Immo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP Immo Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

WP Immo Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
2 prepared
Unescaped Output
209
50 escaped
Nonce Checks
5
Capability Checks
5
File Operations
14
External Requests
0
Bundled Libraries
0

SQL Query Safety

50% prepared4 total queries

Output Escaping

19% escaped259 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths
save_options (includes\wpimmo-process.php:13)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

WP Immo Attack Surface

Entry Points2
Unprotected2

AJAX Handlers 2

authwp_ajax_wpimmo_importincludes\wpimmo.php:45
authwp_ajax_wpimmo_deleteincludes\wpimmo.php:46
WordPress Hooks 26
filterbody_classincludes\wpimmo-front.php:54
actionwidgets_initincludes\wpimmo-widgets.php:314
actionwidgets_initincludes\wpimmo-widgets.php:315
actionwidgets_initincludes\wpimmo-widgets.php:316
actionadmin_enqueue_scriptsincludes\wpimmo.php:41
actionwp_enqueue_scriptsincludes\wpimmo.php:42
filterpost_type_linkincludes\wpimmo.php:64
actionpre_get_postsincludes\wpimmo.php:65
actionadmin_headincludes\wpimmo.php:114
actionmanage_posts_custom_columnincludes\wpimmo.php:119
actionrestrict_manage_postsincludes\wpimmo.php:120
filterparse_queryincludes\wpimmo.php:121
actionsave_postincludes\wpimmo.php:122
actionsave_postincludes\wpimmo.php:123
filterposts_joinincludes\wpimmo.php:124
filterposts_whereincludes\wpimmo.php:125
actionadmin_menuincludes\wpimmo.php:129
actionwpincludes\wpimmo.php:133
actionwpimmo_cronincludes\wpimmo.php:134
filterwp_titleincludes\wpimmo.php:184
actiontemplate_redirectincludes\wpimmo.php:187
filterwpseo_breadcrumb_linksincludes\wpimmo.php:190
actionpre_get_postsincludes\wpimmo.php:193
filterlanguage_attributesincludes\wpimmo.php:196
actionwp_headincludes\wpimmo.php:197
actioninitwp-immo.php:22

Scheduled Events 1

wpimmo_cron
Maintenance & Trust

WP Immo Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedJan 26, 2022
PHP min version
Downloads4K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

WP Immo Alternatives

No alternatives data available yet.

Developer Profile

WP Immo Developer Profile

cvmh

5 plugins · 180 total installs

81
trust score
Avg Security Score
81/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect WP Immo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-immo/css/wpimmo.css/wp-content/plugins/wp-immo/genericons/genericons.css/wp-content/plugins/wp-immo/js/jquery-ui/jquery.ui.progressbar.min.js/wp-content/plugins/wp-immo/js/jquery-ui/jquery.ui.progressbar.min.1.7.2.js/wp-content/plugins/wp-immo/js/jquery-ui/redmond/jquery-ui-1.7.2.custom.css/wp-content/plugins/wp-immo/js/wpimmo-admin.js
Script Paths
/wp-content/plugins/wp-immo/js/wpimmo-admin.js
Version Parameters
wp-immo/css/wpimmo.css?ver=wp-immo/genericons/genericons.css?ver=wp-immo/js/jquery-ui/jquery.ui.progressbar.min.js?ver=wp-immo/js/jquery-ui/jquery.ui.progressbar.min.1.7.2.js?ver=wp-immo/js/jquery-ui/redmond/jquery-ui-1.7.2.custom.css?ver=wp-immo/js/wpimmo-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpimmo_informationswpimmo_images
Data Attributes
wpimmo_images
JS Globals
wpimmo.ajaxurlwpimmo.l10nwpimmo.fieldswpimmo.taxonomies
FAQ

Frequently Asked Questions about WP Immo