Browse all 6 CVE security advisories affecting flexmls. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Flexmls serves as a real estate platform enabling property listing management and broker collaboration. Historically, the system has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with six CVEs documented. Security researchers have identified authentication weaknesses and input validation flaws that could allow unauthorized access or data manipulation. While no major public incidents have been widely reported, the presence of multiple CVEs suggests ongoing security challenges. The platform's web interface and API integrations remain potential attack surfaces, requiring regular security updates and access controls to mitigate risks associated with its role in handling sensitive real estate data.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-25369 | WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability — Flexmls® IDXCWE-79 | 7.1 | High | 2026-03-16 |
| CVE-2025-67585 | WordPress Flexmls® IDX plugin <= 3.15.7 - Open Redirection vulnerability — Flexmls® IDXCWE-601 | 4.7 | Medium | 2025-12-09 |
| CVE-2025-0863 | Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting — Flexmls® IDX PluginCWE-79 | 6.4 | Medium | 2025-03-07 |
| CVE-2025-26900 | WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability — Flexmls® IDXCWE-502 | 9.8 | Critical | 2025-02-25 |
| CVE-2024-10552 | Flexmls® IDX Plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters — Flexmls® IDX PluginCWE-79 | 6.4 | Medium | 2025-01-25 |
| CVE-2024-8719 | Flexmls® IDX Plugin <= 3.14.22 - Reflected Cross-Site Scripting — Flexmls® IDX PluginCWE-79 | 6.1 | Medium | 2024-10-17 |
This page lists every published CVE security advisory associated with flexmls. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.