Auto Listings – Car Listings & Car Dealership Plugin for WordPress Security & Risk Analysis

wordpress.org/plugins/auto-listings

List, manage & sell cars easily. Advanced search, vehicle data from 1941, lead capture, gallery, maps. Great for car dealers.

2K active installs v2.7.3 PHP 7.2+ WP 6.2+ Updated Mar 9, 2026
Tags: auto-listings, car-dealer, car-dealership, car-listings
Score: 98 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Dec 30, 2025
Safety Verdict

Is Auto Listings – Car Listings & Car Dealership Plugin for WordPress Safe to Use in 2026?

Generally Safe

Score 98/100

Auto Listings – Car Listings & Car Dealership Plugin for WordPress has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 30, 2025 · Updated 25d ago
Risk Assessment

The Auto-Listings plugin v2.7.3 presents a mixed security posture. While it demonstrates good practices in output escaping and avoids dangerous functions, its attack surface and vulnerability history raise concerns. The presence of two unprotected AJAX handlers represents a significant risk, as these can be leveraged by attackers to execute actions without proper authentication. The taint analysis, although not revealing critical or high severity flows, did identify one flow with an unsanitized path, which could potentially lead to vulnerabilities if not handled carefully. The plugin's vulnerability history, with two medium-severity CVEs, both related to Cross-Site Scripting, indicates a past pattern of input sanitization issues. The fact that the last vulnerability was recorded in late 2025 (though this date might be hypothetical for the purpose of this analysis) and is currently unpatched is a major concern, suggesting active exploitation or ongoing risks from known flaws.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized path
  • Unpatched CVEs (medium)
  • SQL queries not fully prepared
  • Limited nonce checks
  • No capability checks on AJAX
Vulnerabilities
2

Auto Listings – Car Listings & Car Dealership Plugin for WordPress Security Vulnerabilities

CVEs by Year

  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-69089 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Auto Listings <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 30, 2025 Patched in 2.7.2 (7d)
CVE-2024-24713 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Auto Listings <= 2.6.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 31, 2024 Patched in 2.6.6 (3d)
Code Analysis
Analyzed Mar 16, 2026

Auto Listings – Car Listings & Car Dealership Plugin for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 · 2 prepared
  • Unescaped Output: 41 · 321 escaped
  • Nonce Checks: 1
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

89% escaped · 362 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
auto_listings_admin_listing_status_area (src\functions.php:182)
Attack Surface
2 unprotected

Auto Listings – Car Listings & Car Dealership Plugin for WordPress Attack Surface

Entry Points: 14
Unprotected: 2

AJAX Handlers 3

auth wp_ajax_auto_listings_ajax_archive_item src\functions.php:245
auth wp_ajax_model_filter src\SearchForm\Ajax.php:6
nopriv wp_ajax_model_filter src\SearchForm\Ajax.php:7

Shortcodes 11

[auto_listings_contact_form] src\Enquiry\ContactForm.php:18
[als_button] src\SearchForm\Shortcode\Button.php:6
[als_total_listings] src\SearchForm\Shortcode\Extras.php:6
[als_selected] src\SearchForm\Shortcode\Extras.php:7
[als_toggle_wrapper] src\SearchForm\Shortcode\Extras.php:8
[als_keyword] src\SearchForm\Shortcode\Extras.php:9
[als_field] src\SearchForm\Shortcode\Field.php:10
[als] src\SearchForm\Shortcode\Form.php:6
[auto_listings_search] src\SearchForm.php:20
[auto_listings_listing] src\Shortcodes.php:20
[auto_listings_listings] src\Shortcodes.php:21
WordPress Hooks 108
action plugins_loaded auto-listings.php:35
action admin_notices auto-listings.php:40
action admin_enqueue_scripts src\Admin\Assets.php:18
filter admin_body_class src\Admin\Main.php:18
filter ajax_query_attachments_args src\Admin\Main.php:19
filter manage_users_columns src\Admin\SellerColumns.php:21
filter manage_users_custom_column src\Admin\SellerColumns.php:22
filter mb_settings_pages src\Admin\Settings.php:6
filter rwmb_meta_boxes src\Admin\Settings.php:7
action admin_print_styles-auto-listing_page_auto-listings src\Admin\Settings.php:8
filter manage_listing-enquiry_posts_columns src\Enquiry\AdminColumns.php:31
action manage_listing-enquiry_posts_custom_column src\Enquiry\AdminColumns.php:32
filter manage_edit-listing-enquiry_sortable_columns src\Enquiry\AdminColumns.php:35
filter request src\Enquiry\AdminColumns.php:36
filter request src\Enquiry\AdminColumns.php:37
filter request src\Enquiry\AdminColumns.php:38
filter request src\Enquiry\AdminColumns.php:39
action restrict_manage_posts src\Enquiry\AdminColumns.php:42
action parse_query src\Enquiry\AdminColumns.php:43
action rwmb_frontend_before_submit_button src\Enquiry\ContactForm.php:19
filter rwmb_frontend_insert_post_data src\Enquiry\ContactForm.php:20
action rwmb_frontend_after_save_post src\Enquiry\ContactForm.php:21
action rwmb_frontend_after_save_post src\Enquiry\ContactForm.php:22
filter rwmb_frontend_field_value_confirmation src\Enquiry\ContactForm.php:23
action before_delete_post src\Enquiry\ContactForm.php:25
filter rwmb_meta_boxes src\Enquiry\Fields.php:18
action init src\Enquiry\PostType.php:19
action wp_enqueue_scripts src\Frontend\Assets.php:19
action wp_enqueue_scripts src\Frontend\Assets.php:20
action body_class src\Frontend\Main.php:6
action wp_head src\Frontend\Main.php:7
filter post_class src\Frontend\template-hooks.php:12
action auto_listings_before_main_content src\Frontend\template-hooks.php:17
action auto_listings_after_main_content src\Frontend\template-hooks.php:18
action auto_listings_archive_page_upper_full_width src\Frontend\template-hooks.php:24
action auto_listings_archive_page_upper_full_width src\Frontend\template-hooks.php:25
action auto_listings_before_listings_loop src\Frontend\template-hooks.php:31
action auto_listings_before_listings_loop src\Frontend\template-hooks.php:32
action auto_listings_before_listings_loop src\Frontend\template-hooks.php:33
action auto_listings_after_listings_loop src\Frontend\template-hooks.php:38
action auto_listings_before_listings_loop_item_summary src\Frontend\template-hooks.php:44
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:46
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:47
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:48
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:49
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:50
action auto_listings_listings_loop_item src\Frontend\template-hooks.php:51
action auto_listings_single_upper_full_width src\Frontend\template-hooks.php:57
action auto_listings_single_gallery src\Frontend\template-hooks.php:59
action auto_listings_single_content src\Frontend\template-hooks.php:61
action auto_listings_single_content src\Frontend\template-hooks.php:62
action auto_listings_single_content src\Frontend\template-hooks.php:63
filter auto_listings_single_tabs src\Frontend\template-hooks.php:64
action auto_listings_single_sidebar src\Frontend\template-hooks.php:66
action auto_listings_single_sidebar src\Frontend\template-hooks.php:67
action auto_listings_single_sidebar src\Frontend\template-hooks.php:68
action auto_listings_single_sidebar src\Frontend\template-hooks.php:69
action auto_listings_single_sidebar src\Frontend\template-hooks.php:70
action auto_listings_single_sidebar src\Frontend\template-hooks.php:79
filter get_the_archive_title src\Frontend\template-tags.php:177
filter template_include src\Frontend\TemplateLoader.php:18
action init src\functions-general.php:145
action widgets_init src\functions-sidebars.php:14
action pmxi_saved_post src\functions.php:293
action rwmb__al_listing_images_after_save_post src\functions.php:346
filter redirect_canonical src\functions.php:358
filter manage_auto-listing_posts_columns src\Listing\AdminColumns.php:30
action manage_auto-listing_posts_custom_column src\Listing\AdminColumns.php:31
filter manage_edit-auto-listing_sortable_columns src\Listing\AdminColumns.php:34
filter request src\Listing\AdminColumns.php:35
filter request src\Listing\AdminColumns.php:36
filter request src\Listing\AdminColumns.php:37
action restrict_manage_posts src\Listing\AdminColumns.php:40
action parse_query src\Listing\AdminColumns.php:41
filter rwmb_meta_boxes src\Listing\Fields.php:18
action rwmb_enqueue_scripts src\Listing\Fields.php:19
action init src\Listing\PostStatuses.php:18
action admin_footer-post.php src\Listing\PostStatuses.php:19
action admin_footer-edit.php src\Listing\PostStatuses.php:20
filter display_post_states src\Listing\PostStatuses.php:21
action init src\Listing\PostType.php:18
action init src\Listing\PostType.php:19
action add_meta_boxes src\Listing\PostType.php:20
filter use_block_editor_for_post_type src\Listing\PostType.php:21
action init src\Plugin.php:51
filter plugin_row_meta src\Plugin.php:52
action pre_get_posts src\Query.php:22
filter manage_auto-listings-search_posts_columns src\SearchForm\AdminColumns.php:6
action manage_auto-listings-search_posts_custom_column src\SearchForm\AdminColumns.php:7
filter rwmb_meta_boxes src\SearchForm\Editor.php:6
action admin_enqueue_scripts src\SearchForm\Editor.php:7
action save_post_auto-listing src\SearchForm\functions.php:176
action init src\SearchForm\PostType.php:6
filter post_updated_messages src\SearchForm\PostType.php:7
filter wp src\SearchForm.php:18
filter query_vars src\SearchForm.php:19
filter is_auto_listings src\SearchForm.php:30
action pre_get_posts src\SearchQuery.php:18
filter wp src\Shortcodes.php:19
filter is_auto_listings src\Shortcodes.php:36
filter is_listing src\Shortcodes.php:40
filter post_class src\Shortcodes.php:139
filter auto_listings_columns src\Shortcodes.php:143
action auto_listings_settings_license src\Updater\Settings.php:8
action rwmb_auto-listings-license_after_save_post src\Updater\Settings.php:9
action init src\Updater\Tab.php:6
filter mb_settings_pages src\Updater\Tab.php:13
filter rwmb_meta_boxes src\Updater\Tab.php:14
Maintenance & Trust

Auto Listings – Car Listings & Car Dealership Plugin for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 9, 2026
PHP min version: 7.2
Downloads: 143K

Community Trust

Rating: 84/100
Number of ratings: 32
Active installs: 2K
Developer Profile

Auto Listings – Car Listings & Car Dealership Plugin for WordPress Developer Profile

autolistings

2 plugins · 3K total installs

Trust score: 97
Avg Security Score: 95/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Auto Listings – Car Listings & Car Dealership Plugin for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/auto-listings/assets/admin/css/extensions.css
  • /wp-content/plugins/auto-listings/assets/admin/css/auto-listings.css
  • /wp-content/plugins/auto-listings/assets/admin/css/settings.css
  • /wp-content/plugins/auto-listings/assets/css/auto-listings-icons.css
  • /wp-content/plugins/auto-listings/assets/css/font-awesome.min.css
  • /wp-content/plugins/auto-listings/assets/css/sumoselect.min.css
  • /wp-content/plugins/auto-listings/assets/css/auto-listings.css
  • /wp-content/plugins/auto-listings/assets/js/sumoselect.min.js
  • +3 more
Script Paths
  • /wp-content/plugins/auto-listings/assets/js/sumoselect.min.js
  • /wp-content/plugins/auto-listings/assets/js/lightslider.js
  • /wp-content/plugins/auto-listings/assets/js/auto-listings.js
Version Parameters
  • auto-listings/assets/admin/css/extensions.css?ver=
  • auto-listings/assets/admin/css/auto-listings.css?ver=
  • auto-listings/assets/admin/css/settings.css?ver=
  • auto-listings/assets/css/auto-listings-icons.css?ver=
  • auto-listings/assets/css/font-awesome.min.css?ver=
  • auto-listings/assets/css/sumoselect.min.css?ver=
  • auto-listings/assets/css/auto-listings.css?ver=
  • auto-listings/assets/js/sumoselect.min.js?ver=
  • auto-listings/assets/js/lightslider.js?ver=
  • auto-listings/assets/css/lightslider.css?ver=
  • auto-listings/assets/js/auto-listings.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • auto-listings
  • al-button
  • al-settings-page
Data Attributes
  • data-map_width
  • data-map_height
  • data-map_zoom
  • data-lat
  • data-lng
  • data-address
  • +2 more
JS Globals
auto_listings