WP-Safety

Fleet Manager Security & Risk Analysis

wordpress.org/plugins/fleet

Manage sailboats, sailors, regattas, and results with ease.

10 active installs v2.6.0 PHP 8.0+ WP 5.0+ Updated Dec 9, 2025
fleetresultsailingsportteam
99
A · Safe
CVEs total1
Unpatched0
Last CVENov 10, 2025
Plugin page Download
Safety Verdict

Is Fleet Manager Safe to Use in 2026?

Generally Safe

Score 99/100

Fleet Manager has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Nov 10, 2025Updated 5mo ago
Risk Assessment

The plugin 'fleet' v2.6.0 exhibits a generally strong security posture with a good adherence to WordPress security best practices. The plugin boasts a high percentage of prepared SQL statements and properly escaped outputs, significantly reducing the risk of common injection and cross-site scripting vulnerabilities. Furthermore, the absence of unprotected entry points and a good number of capability checks on AJAX handlers are positive indicators. However, the presence of a single taint flow with unsanitized paths, even if not classified as critical or high, warrants attention as it represents a potential vector for vulnerabilities. While there are no currently unpatched CVEs, the history of a past medium severity Cross-site Scripting vulnerability suggests that input sanitization and output escaping, while generally good, may require ongoing vigilance.

In conclusion, 'fleet' v2.6.0 is a relatively secure plugin, demonstrating strong fundamentals in data handling and access control. The primary concern lies with the identified taint flow, which could potentially be exploited if an attacker can control the unsanitized input. The historical medium vulnerability, though patched, serves as a reminder to maintain robust security practices. Overall, the plugin is well-developed from a security perspective, but the taint analysis highlights an area that could be further hardened.

Key Concerns

  • Taint flow with unsanitized paths (High severity)
  • Past medium severity XSS vulnerability
Vulnerabilities
1 published

Fleet Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-12538medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Fleet Manager <= 2.5.1 - Authenticated (Editor+) Stored Cross-Site Scripting

Nov 10, 2025 Patched in 2.6.0 (31d)
Version History

Fleet Manager Release Timeline

v2.6.0Current
v2.5.11 CVE
CVE-2025-12538
v2.5.01 CVE
CVE-2025-12538
v2.4.01 CVE
CVE-2025-12538
v2.3.91 CVE
CVE-2025-12538
v2.3.81 CVE
CVE-2025-12538
v2.3.71 CVE
CVE-2025-12538
v2.3.61 CVE
CVE-2025-12538
v2.3.51 CVE
CVE-2025-12538
v2.3.41 CVE
CVE-2025-12538
v2.3.31 CVE
CVE-2025-12538
v2.3.21 CVE
CVE-2025-12538
v2.3.11 CVE
CVE-2025-12538
v2.3.01 CVE
CVE-2025-12538
v2.2.21 CVE
CVE-2025-12538
v2.2.11 CVE
CVE-2025-12538
v2.2.01 CVE
CVE-2025-12538
v2.1.71 CVE
CVE-2025-12538
v2.1.61 CVE
CVE-2025-12538
v2.1.51 CVE
CVE-2025-12538
Code Analysis
Analyzed Mar 17, 2026

Fleet Manager Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
32 prepared
Unescaped Output
12
463 escaped
Nonce Checks
9
Capability Checks
6
File Operations
4
External Requests
1
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

89% prepared36 total queries

Output Escaping

97% escaped475 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
<class-iworks-fleet-posttypes-boat> (includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Fleet Manager Attack Surface

Entry Points11
Unprotected0

AJAX Handlers 3

authwp_ajax_iworks_fleet_persons_listincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:63
authwp_ajax_iworks_fleet_upload_racesincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:98
authwp_ajax_iworks_rate_buttonincludes\iworks\rate\rate.php:113

Shortcodes 8

[fleet_stats] includes\iworks\class-iworks-fleet.php:101
[fleet_boats_list] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:112
[boat] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:113
[iworks_fleet_ranking] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-ranking.php:46
[fleet_regattas_list] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:121
[fleet_ranking] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:122
[fleet_regattas_list_years] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:123
[fleet_regattas_list_countries] includes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:124
WordPress Hooks 114
actioninitfleet.php:116
actionadmin_initincludes\iworks\class-iworks-fleet.php:85
actioninitincludes\iworks\class-iworks-fleet.php:86
actioninitincludes\iworks\class-iworks-fleet.php:87
actioninitincludes\iworks\class-iworks-fleet.php:88
actionwp_enqueue_scriptsincludes\iworks\class-iworks-fleet.php:89
actionwp_enqueue_scriptsincludes\iworks\class-iworks-fleet.php:90
actionplugins_loadedincludes\iworks\class-iworks-fleet.php:91
filteriworks_rate_notice_logo_styleincludes\iworks\class-iworks-fleet.php:107
actionadmin_enqueue_scriptsincludes\iworks\class-iworks-fleet.php:152
filterplugin_row_metaincludes\iworks\class-iworks-fleet.php:153
actionshutdownincludes\iworks\fleet\class-iworks-fleet-db.php:50
filterog_arrayincludes\iworks\fleet\class-iworks-posttypes.php:90
actioninitincludes\iworks\fleet\class-iworks-posttypes.php:94
actioninitincludes\iworks\fleet\class-iworks-posttypes.php:95
actioninitincludes\iworks\fleet\class-iworks-posttypes.php:96
actioninitincludes\iworks\fleet\class-iworks-posttypes.php:97
filterbody_classincludes\iworks\fleet\class-iworks-posttypes.php:98
actionsave_postincludes\iworks\fleet\class-iworks-posttypes.php:102
filterdashboard_glance_itemsincludes\iworks\fleet\class-iworks-posttypes.php:108
filtertwentytwenty_disallowed_post_types_for_meta_outputincludes\iworks\fleet\class-iworks-posttypes.php:112
filterint505_archive_stats_table_rowincludes\iworks\fleet\class-iworks-posttypes.php:116
filterog_image_initincludes\iworks\fleet\integration\class-iworks-fleet-integration-og.php:32
filterenter_title_hereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:61
filterthe_contentincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:62
filterthe_contentincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:63
filterinternational_fleet_posted_onincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:64
filterposts_orderbyincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:65
actioninitincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:66
filterfleet/boat/get_manufacturerincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:72
actionsave_postincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:76
actionsave_postincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:77
actionmanage_posts_custom_columnincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:82
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:86
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:87
filterget_previous_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:91
filterget_next_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:92
filterget_previous_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:93
filterget_next_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:94
actioninternational_fleet_content_template_overlay_endincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:98
filteriworks_fleet_boat_get_flagincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:102
filteriworks_fleet_boat_get_hullincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:103
filteriworks_fleet_boat_get_last_ownerincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:104
filteriworks_fleet_boat_get_by_owner_idincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:108
filterog_image_valueincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:119
actionadmin_footerincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-boat.php:932
filterthe_contentincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:42
filterinternational_fleet_posted_onincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:43
filterthe_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:44
actioninitincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:45
actionmanage_posts_custom_columnincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:50
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:54
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:55
filterget_previous_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:59
filterget_next_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:60
filterget_previous_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:61
filterget_next_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:62
filterwp_localize_script_fleet_adminincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:67
actionmaybe_add_person_nationincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:71
filterterm_linkincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:75
filteriworks/fleet/person/get/arrayincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:81
filteriworks_simple_seo_improvements_json_ld::WebSiteincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-person.php:87
actionmanage_posts_custom_columnincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-ranking.php:41
actioninitincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-ranking.php:42
filteriworks/fleet/register_taxonomy/iworks_fleet_ranking/addincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-ranking.php:50
actioninitincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:75
filterthe_contentincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:79
actionmanage_posts_custom_columnincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:86
actionplugins_loadedincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:90
actionwp_insert_postincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:94
filteriworks_fleet_result_sailor_regata_listincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:102
filteriworks_fleet_result_sailor_last_regattaincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:103
filteriworks_fleet_result_boat_regatta_listincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:104
filteriworks_fleet_result_serie_regatta_listincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:105
filterthe_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:106
filteriworks_fleet_result_sailor_trophiesincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:107
filteriworks_fleet_result_sailor_placesincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:108
actionsave_postincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:112
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:116
actionpre_get_postsincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:117
filterget_previous_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:128
filterget_next_post_sortincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:129
filterget_previous_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:130
filterget_next_post_whereincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:131
filterget_previous_post_joinincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:132
filterget_next_post_joinincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:133
filteriworks_fleet_result_adjust_datesincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:137
actioniworks_fleet_result_import_dataincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:141
filterwp_localize_script_fleet_adminincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:142
actioninitincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:146
filterget_the_archive_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:147
filteriworks/fleet/results/get/arrayincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:153
filteriworks/fleet/medals/get/arrayincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:154
filteriworks_simple_seo_improvements_json_ld::WebSiteincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:160
filterthe_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:320
filtersuppress_filter_pre_get_posts_limit_to_yearincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:413
filteriworks_fleet_result_skip_year_in_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:1064
filteriworks_fleet_get_seriesincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:1493
filterthe_titleincludes\iworks\fleet\posttypes\class-iworks-fleet-posttypes-result.php:2964
actionadmin_enqueue_scriptsincludes\iworks\options\options.php:87
actionadmin_headincludes\iworks\options\options.php:88
actionadmin_menuincludes\iworks\options\options.php:89
actionadmin_noticesincludes\iworks\options\options.php:90
filterscreen_layout_columnsincludes\iworks\options\options.php:91
actionload-index.phpincludes\iworks\rate\rate.php:111
actioniworks-register-pluginincludes\iworks\rate\rate.php:112
actionadmin_initincludes\iworks\rate\rate.php:114
filteriworks_rate_assistanceincludes\iworks\rate\rate.php:118
filteriworks_rate_loveincludes\iworks\rate\rate.php:119
filteriworks_rate_advertising_ogincludes\iworks\rate\rate.php:125
actionadmin_enqueue_scriptsincludes\iworks\rate\rate.php:190
actionadmin_noticesincludes\iworks\rate\rate.php:191
actionadmin_enqueue_scriptsincludes\iworks\rate\rate.php:200
actionadmin_noticesincludes\iworks\rate\rate.php:201
Maintenance & Trust

Fleet Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedDec 9, 2025
PHP min version8.0
Downloads4K

Community Trust

Rating100/100
Number of ratings2
Active installs10
Alternatives

Fleet Manager Alternatives

JoomSport – for Sports: Team & League, Football, Hockey & more

JoomSport – for Sports: Team & League, Football, Hockey & more

joomsport-sports-league-results-management

B
78

Create PRO sports website for your club, sports team or sports league! Soccer, Football, Hockey, Basketball, Volleyball, Handball, eSport & others.

1K 11 CVEs
SportsPress for Basketball

SportsPress for Basketball

sportspress-for-basketball

A
85

SportsPress for Basketball is an extension for SportsPress, an all-in-one sports data plugin that helps sports teams set up a basketball website.

1K No CVEs
Dynamic Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode

Dynamic Team Manager – Team Member Showcase with grid, slider, table Elementor widget & shortcode

wp-team-manager

C
69

Team plugin to showcase team members, sports rosters, or creative portfolios with grid, list, Slider, table layout. Supports Corporate and Sports Leag &hellip;

1K 1 unpatched
WP Club Manager – WordPress Sports Club Plugin

WP Club Manager – WordPress Sports Club Plugin

wp-club-manager

A
99

WP Club Manager is easy to set-up and has everything you need to build and manage an amazing sports club website.

600 3 CVEs
AnWP Sports Leagues – Basketball, Ice Hockey, Handball, Rugby & More

AnWP Sports Leagues – Basketball, Ice Hockey, Handball, Rugby & More

sports-leagues

A
100

Professional sports league management for WordPress. Track teams, players, games, statistics, tournaments & standings for any team sport.

200 No CVEs
Developer Profile

Fleet Manager Developer Profile

Marcin Pietrzak

23 plugins · 89K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
274 days
View full developer profile
Detection Fingerprints

How We Detect Fleet Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/fleet/assets/css/fleet-admin.css/wp-content/plugins/fleet/assets/css/fleet-front.css/wp-content/plugins/fleet/assets/js/fleet-admin.js
Version Parameters
fleet/assets/css/fleet-admin.css?ver=fleet/assets/css/fleet-front.css?ver=fleet/assets/js/fleet-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
fleet-statistsicsfleet-statistsics-personfleet-statistsics-boatfleet-statistsics-result
Data Attributes
data-plugin-fleet
Shortcode Output
<div class="fleet-statistsics"><h2>Statistics</h2><dl>
FAQ

Frequently Asked Questions about Fleet Manager