Skip to content
CVSS 10.0CVSS 10.0 · CRITICAL

CVE-2026-57811

Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0.

View on NVD

Analysis

El plugin Realtyna Organic IDX para WordPress presenta una vulnerabilidad crítica de inyección de código que permite la ejecución remota de comandos (RCE). Un atacante puede tomar control total del servidor afectado sin necesidad de autenticación, comprometiendo la integridad y los datos de la aplicación de manera remota.

Relevant roles

PhpBackendCyberSecurity

Severity

Score: 10.0(CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-94

EPSS

Probability of exploitation (next 30 days): 0.0056 (0.6%)
Percentile: 42.9%
EPSS: 2026-07-13

Technical description

Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0.

Published: 7/13/2026, 10:16:45 AM
Last modified: 7/13/2026, 4:57:56 PM

References

HomeEventsBlogResourcesTeam