Impact
The vulnerability is an unauthenticated SQL injection that occurs in the Realtyna Organic IDX plugin for WordPress version 5.1.0 and earlier. An attacker can supply crafted input that is directly embedded into SQL statements, allowing the execution of arbitrary database queries. This flaw enables attackers to read sensitive data from the WordPress database, modify or delete database entries, and potentially alter application behavior by inserting malicious records.
Affected Systems
Any WordPress site that has installed Realtyna Organic IDX plugin version 5.1.0 or earlier is affected. The plugin is distributed by Realtyna and is commonly used in real‑estate listing plugins on WordPress sites.
Risk and Exploitability
The CVSS score of 9.3 denotes a critical severity for an unauthenticated vulnerability. The EPSS score of less than 1% indicates that exploitation is currently unlikely, and the vulnerability is not in the CISA KEV catalog. However, because the attack requires only unauthenticated HTTP requests to the plugin’s endpoints, the threat remains significant if the vulnerability remains unpatched.
OpenCVE Enrichment