Unauthenticated SQL Injection in Realtyna Organic IDX Plugin by Realtyna
CVE-2026-45439

9.3CRITICAL

Key Information:

Vendor

WordPress

Vendor
CVE Published:
15 June 2026

What is CVE-2026-45439?

The Realtyna Organic IDX Plugin for WordPress is susceptible to an unauthenticated SQL injection vulnerability, allowing attackers to exploit the plugin's input handling. This can potentially lead to unauthorized database access, unauthorized data manipulation, or extraction of sensitive information from affected installations. It is imperative for users running versions 5.1.0 and below to take immediate action to patch their systems to enhance security and protect their data integrity.

Affected Version(s)

Realtyna Organic IDX plugin <= 5.1.0

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ParkHyunWoo | Patchstack Bug Bounty Program
.