WP-Safety

Rapid Car Check Vehicle Data Security & Risk Analysis

wordpress.org/plugins/free-vehicle-data-uk

Add instant vehicle lookup to your website in minutes with the Rapid Car Check WordPress plugin – a fast, simple way to enable number plate searches w …

200 active installs v2.0 PHP + WP 4.0+ Updated Jun 19, 2025
car-registration-lookupdvla-informationdvla-searchmot-searchvehicle-data
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Rapid Car Check Vehicle Data Safe to Use in 2026?

Generally Safe

Score 100/100

Rapid Car Check Vehicle Data has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

The 'free-vehicle-data-uk' v2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and properly escaping all output. This significantly mitigates risks related to common database injection and cross-site scripting vulnerabilities that stem from these areas.

However, there are notable concerns primarily stemming from the attack surface. The plugin exposes six AJAX handlers without any authentication or capability checks, creating a significant entry point for potential unauthorized actions or information disclosure. While no critical or high-severity taint flows were identified, the presence of two flows with unsanitized paths warrants attention, as these could potentially lead to vulnerabilities if exploited in conjunction with other weaknesses.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the strong practices in SQL and output handling, suggests a developer who is attentive to fundamental security principles. Nevertheless, the unprotected AJAX endpoints represent a clear and present risk that needs to be addressed to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Limited capability checks
Vulnerabilities
None known

Rapid Car Check Vehicle Data Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Rapid Car Check Vehicle Data Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
36 escaped
Nonce Checks
1
Capability Checks
0
File Operations
10
External Requests
3
Bundled Libraries
0

Output Escaping

100% escaped36 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
CallJson (classes\Shortcodes.php:502)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Rapid Car Check Vehicle Data Attack Surface

Entry Points10
Unprotected6

AJAX Handlers 6

noprivwp_ajax_FVD_CreatePagesclasses\Ajax.php:9
authwp_ajax_FVD_CreatePagesclasses\Ajax.php:10
noprivwp_ajax_FVD_ClearSearchLogsclasses\Ajax.php:12
authwp_ajax_FVD_ClearSearchLogsclasses\Ajax.php:13
noprivwp_ajax_FVD_ClearImagesclasses\Ajax.php:15
authwp_ajax_FVD_ClearImagesclasses\Ajax.php:16

Shortcodes 4

[fvd_calljson] classes\Shortcodes.php:11
[fvd_searchbox] classes\Shortcodes.php:12
[fvd_getdata] classes\Shortcodes.php:13
[fvd_returnmotrecord] classes\Shortcodes.php:14
WordPress Hooks 5
actionadmin_menuclasses\Admin.php:10
actionadmin_initclasses\Admin.php:11
actionwp_enqueue_scriptsclasses\Assets.php:10
actionadmin_enqueue_scriptsclasses\Assets.php:11
actioninitfvd.php:37
Maintenance & Trust

Rapid Car Check Vehicle Data Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 19, 2025
PHP min version
Downloads18K

Community Trust

Rating84/100
Number of ratings5
Active installs200
Alternatives

Rapid Car Check Vehicle Data Alternatives

UK Vehicle Data

UK Vehicle Data

uk-vehicle-data-api

A
85

UKVD is a leading supplier of UK Vehicle Information and Valuation Data. This plugin provides quick and easy integration with Wordpress and the UKVD A …

10 No CVEs
Developer Profile

Rapid Car Check Vehicle Data Developer Profile

Rapid Car Check

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rapid Car Check Vehicle Data

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/free-vehicle-data-uk/assets/css/style.css/wp-content/plugins/free-vehicle-data-uk/assets/css/toastr.css/wp-content/plugins/free-vehicle-data-uk/assets/js/toastr.js/wp-content/plugins/free-vehicle-data-uk/assets/css/admin.css/wp-content/plugins/free-vehicle-data-uk/assets/js/admin.js
Script Paths
/wp-content/plugins/free-vehicle-data-uk/assets/js/toastr.js/wp-content/plugins/free-vehicle-data-uk/assets/js/admin.js
Version Parameters
free-vehicle-data-uk/assets/css/toastr.css?ver=free-vehicle-data-uk/assets/js/toastr.js?ver=free-vehicle-data-uk/assets/css/admin.css?ver=free-vehicle-data-uk/assets/js/admin.js?ver=free-vehicle-data-uk/assets/css/style.css?ver=

HTML / DOM Fingerprints

JS Globals
FreeVehicleDatafvd_language_loadFreeVehicleData
Shortcode Output
[fvd_calljson][fvd_searchbox][fvd_getdata][fvd_returnmotrecord]
FAQ

Frequently Asked Questions about Rapid Car Check Vehicle Data