WP-Safety

Rapid Car Check Vehicle Data Security & Risk Analysis

wordpress.org/plugins/free-vehicle-data-uk

Add instant vehicle lookup to your website in minutes with the Rapid Car Check WordPress plugin – a fast, simple way to enable number plate searches w …

200 active installs v2.0 PHP + WP 4.0+ Updated Jun 19, 2025
car-registration-lookupdvla-informationdvla-searchmot-searchvehicle-data
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEFeb 23, 2026
Plugin page Download
Safety Verdict

Is Rapid Car Check Vehicle Data Safe to Use in 2026?

Mostly Safe

Score 78/100

Rapid Car Check Vehicle Data is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Feb 23, 2026Updated 11mo ago
Risk Assessment

The 'free-vehicle-data-uk' v2.0 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for all SQL queries and properly escaping all output. This significantly mitigates risks related to common database injection and cross-site scripting vulnerabilities that stem from these areas.

However, there are notable concerns primarily stemming from the attack surface. The plugin exposes six AJAX handlers without any authentication or capability checks, creating a significant entry point for potential unauthorized actions or information disclosure. While no critical or high-severity taint flows were identified, the presence of two flows with unsanitized paths warrants attention, as these could potentially lead to vulnerabilities if exploited in conjunction with other weaknesses.

The plugin's vulnerability history is clean, with no recorded CVEs. This, combined with the strong practices in SQL and output handling, suggests a developer who is attentive to fundamental security principles. Nevertheless, the unprotected AJAX endpoints represent a clear and present risk that needs to be addressed to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Limited capability checks
Vulnerabilities
1 published

Rapid Car Check Vehicle Data Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-39687medium · 5.3Missing Authorization

Rapid Car Check Vehicle Data <= 2.0 - Missing Authorization

Feb 23, 2026Unpatched
Version History

Rapid Car Check Vehicle Data Release Timeline

v2.0Current1 CVE
CVE-2026-39687
v1.441 CVE
CVE-2026-39687
v1.431 CVE
CVE-2026-39687
v1.421 CVE
CVE-2026-39687
v1.411 CVE
CVE-2026-39687
v1.401 CVE
CVE-2026-39687
v1.391 CVE
CVE-2026-39687
v1.381 CVE
CVE-2026-39687
v1.371 CVE
CVE-2026-39687
v1.361 CVE
CVE-2026-39687
v1.351 CVE
CVE-2026-39687
v1.341 CVE
CVE-2026-39687
v1.331 CVE
CVE-2026-39687
v1.321 CVE
CVE-2026-39687
v1.311 CVE
CVE-2026-39687
v1.31 CVE
CVE-2026-39687
v1.2.81 CVE
CVE-2026-39687
v1.2.71 CVE
CVE-2026-39687
v1.2.61 CVE
CVE-2026-39687
v1.2.51 CVE
CVE-2026-39687
Code Analysis
Analyzed Mar 16, 2026

Rapid Car Check Vehicle Data Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
0
36 escaped
Nonce Checks
1
Capability Checks
0
File Operations
10
External Requests
3
Bundled Libraries
0

Output Escaping

100% escaped36 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths
CallJson (classes\Shortcodes.php:502)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Rapid Car Check Vehicle Data Attack Surface

Entry Points10
Unprotected6

AJAX Handlers 6

noprivwp_ajax_FVD_CreatePagesclasses\Ajax.php:9
authwp_ajax_FVD_CreatePagesclasses\Ajax.php:10
noprivwp_ajax_FVD_ClearSearchLogsclasses\Ajax.php:12
authwp_ajax_FVD_ClearSearchLogsclasses\Ajax.php:13
noprivwp_ajax_FVD_ClearImagesclasses\Ajax.php:15
authwp_ajax_FVD_ClearImagesclasses\Ajax.php:16

Shortcodes 4

[fvd_calljson] classes\Shortcodes.php:11
[fvd_searchbox] classes\Shortcodes.php:12
[fvd_getdata] classes\Shortcodes.php:13
[fvd_returnmotrecord] classes\Shortcodes.php:14
WordPress Hooks 5
actionadmin_menuclasses\Admin.php:10
actionadmin_initclasses\Admin.php:11
actionwp_enqueue_scriptsclasses\Assets.php:10
actionadmin_enqueue_scriptsclasses\Assets.php:11
actioninitfvd.php:37
Maintenance & Trust

Rapid Car Check Vehicle Data Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 19, 2025
PHP min version
Downloads18K

Community Trust

Rating84/100
Number of ratings5
Active installs200
Alternatives

Rapid Car Check Vehicle Data Alternatives

UK Vehicle Data

UK Vehicle Data

uk-vehicle-data-api

A
85

UKVD is a leading supplier of UK Vehicle Information and Valuation Data. This plugin provides quick and easy integration with Wordpress and the UKVD A &hellip;

10 No CVEs
Developer Profile

Rapid Car Check Vehicle Data Developer Profile

Rapid Car Check

1 plugin · 200 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Rapid Car Check Vehicle Data

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/free-vehicle-data-uk/assets/css/style.css/wp-content/plugins/free-vehicle-data-uk/assets/css/toastr.css/wp-content/plugins/free-vehicle-data-uk/assets/js/toastr.js/wp-content/plugins/free-vehicle-data-uk/assets/css/admin.css/wp-content/plugins/free-vehicle-data-uk/assets/js/admin.js
Script Paths
/wp-content/plugins/free-vehicle-data-uk/assets/js/toastr.js/wp-content/plugins/free-vehicle-data-uk/assets/js/admin.js
Version Parameters
free-vehicle-data-uk/assets/css/toastr.css?ver=free-vehicle-data-uk/assets/js/toastr.js?ver=free-vehicle-data-uk/assets/css/admin.css?ver=free-vehicle-data-uk/assets/js/admin.js?ver=free-vehicle-data-uk/assets/css/style.css?ver=

HTML / DOM Fingerprints

JS Globals
FreeVehicleDatafvd_language_loadFreeVehicleData
Shortcode Output
[fvd_calljson][fvd_searchbox][fvd_getdata][fvd_returnmotrecord]
FAQ

Frequently Asked Questions about Rapid Car Check Vehicle Data