CVE-2026-57811
CRITICALWordPress Realtyna Organic IDX plugin plugin <= 5.2.0 - Remote Code Execution (RCE) vulnerability
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-57811. PoCs published by incogbyte.
AI-analyzed exploit summary This exploit demonstrates unauthenticated arbitrary file upload leading to remote code execution (RCE) in Realtyna Organic IDX WordPress plugin (versions <= 5.2.0) by abusing a deprecated mobile application API endpoint with insufficient validation of the `commands_directory` parameter and file upload handling.
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in Realtyna Realtyna Organic IDX plugin real-estate-listing-realtyna-wpl allows Remote Code Inclusion.This issue affects Realtyna Organic IDX plugin: from n/a through <= 5.2.0.
Exploits (1)
This exploit demonstrates unauthenticated arbitrary file upload leading to remote code execution (RCE) in Realtyna Organic IDX WordPress plugin (versions <= 5.2.0) by abusing a deprecated mobile application API endpoint with insufficient validation of the `commands_directory` parameter and file upload handling.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H