PatchSiren cyber security CVE debrief
CVE-2026-45439 Realtyna CVE debrief
CVE-2026-45439 is a critical unauthenticated SQL injection vulnerability in the Realtyna Organic IDX plugin versions <= 5.1.0. The vulnerability has a CVSS score of 9.3, indicating a high severity. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45439) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-45439).
- Vendor
- Realtyna
- Product
- Realtyna Organic IDX plugin
- CVSS
- CRITICAL 9.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Administrators and users of WordPress sites utilizing the Realtyna Organic IDX plugin version 5.1.0 or earlier should prioritize patching this vulnerability to prevent potential exploitation.
Technical summary
The vulnerability is caused by an unauthenticated SQL injection weakness in the Realtyna Organic IDX plugin. This could allow an attacker to execute arbitrary SQL queries, potentially leading to data breaches or other malicious activities.
Defensive priority
High
Recommended defensive actions
- Update the Realtyna Organic IDX plugin to a version greater than 5.1.0.
- Review and monitor your WordPress site for any suspicious activity.
Evidence notes
Evidence of this vulnerability comes from Patchstack (see [ref-4](https://patchstack.com/database/wordpress/plugin/real-estate-listing-realtyna-wpl/vulnerability/wordpress-realtyna-organic-idx-plugin-plugin-5-1-0-sql-injection-vulnerability?_s_id=cve)).
Official resources
-
CVE-2026-45439 CVE record
CVE.org
-
CVE-2026-45439 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-45439 was published on 2026-06-15T21:17:03.630Z and last modified on 2026-06-15T21:24:32.790Z.