CSRF Vulnerability in Realtyna Realtyna Organic IDX Plugin
CVE-2025-54052

7.5HIGH

Key Information:

Vendor

WordPress
Status
Realtyna Organic Idx Plugin
Vendor
CVE Published:
20 August 2025

What is CVE-2025-54052?

A Cross-Site Request Forgery (CSRF) vulnerability in the Realtyna Organic IDX plugin allows attackers to manipulate user actions without their consent, potentially leading to Local File Inclusion (LFI) exploits. This vulnerability impacts users on versions from n/a to 5.0.0, highlighting the critical need for plugin updates to maintain the security of WordPress websites.

Affected Version(s)

Realtyna Organic IDX plugin <= 5.0.0

References

https://patchstack.com/database/wordpress/plugin/real-est...
vdb-entry

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

LVT-tholv2k (Patchstack Alliance)
.