MotorDesk Security & Risk Analysis

wordpress.org/plugins/motordesk

Connect MotorDesk's car dealer management software with your WordPress website. Manage your auto dealership and used car stock/inventory/listing …

20 active installs v1.1.2 PHP 6.0+ WP 2.8+ Updated Dec 2, 2025
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is MotorDesk Safe to Use in 2026?

Mostly Safe

Score 78/100

MotorDesk is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 7mo ago
Risk Assessment

The 'motordesk' plugin v1.1.2 presents a generally good security posture with some notable areas of concern. Its use of prepared statements for all SQL queries and a high percentage of properly escaped output are strong indicators of secure coding practices. The plugin also demonstrates a reasonable approach to entry points, with all identified AJAX handlers and REST API routes appearing to have authentication checks. However, the presence of the `unserialize` function without any evident sanitization or validation of the data being unserialized is a significant risk. While the static analysis did not identify any critical or high-severity taint flows, the potential for unserialize vulnerabilities, especially if user-controlled data can reach this function, remains a serious concern.

The plugin's vulnerability history is clean, with no known CVEs. This, combined with the lack of recorded past vulnerabilities, suggests a relatively secure development track record for this plugin. However, the absence of past issues should not overshadow the identified risks in the current version. The plugin's strengths lie in its database security and output escaping, but the `unserialize` function presents a critical weakness that requires immediate attention. A balanced conclusion would be that while the plugin avoids common pitfalls like raw SQL or unauthenticated AJAX, the `unserialize` function represents a significant potential vulnerability that could be exploited if not properly secured.

Key Concerns

  • Dangerous function 'unserialize' used without clear sanitization
  • No nonce checks for entry points
  • Capability checks are limited to 1
Vulnerabilities
1 published

MotorDesk Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9724medium · 4.3Cross-Site Request Forgery (CSRF)

MotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings Update

Jun 23, 2026Unpatched
Version History

MotorDesk Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

MotorDesk Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
0 prepared
Unescaped Output
33
96 escaped
Nonce Checks
0
Capability Checks
1
File Operations
3
External Requests
1
Bundled Libraries
0

Dangerous Functions Found

unserialize$option = unserialize(base64_decode($option));motordesk.php:96

Output Escaping

74% escaped129 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
motordesk_cache (include\motordesk_cache.php:20)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MotorDesk Attack Surface

Entry Points4
Unprotected0

Shortcodes 4

[MOTORDESK] include\motordesk_front.php:31
[MOTORDESK-LATEST] include\motordesk_front.php:32
[MOTORDESK-SEARCH] include\motordesk_front.php:33
[MOTORDESK-SOLD] include\motordesk_front.php:34
WordPress Hooks 14
actionadmin_menuinclude\motordesk_admin.php:28
filterhttps_ssl_verifyinclude\motordesk_cache.php:65
actionwp_enqueue_scriptsinclude\motordesk_front.php:25
filterthe_contentinclude\motordesk_front.php:28
filterdocument_title_partsinclude\motordesk_front.php:37
filterwpseo_titleinclude\motordesk_front.php:38
filterwpseo_metadescinclude\motordesk_front.php:41
filterwpseo_opengraph_descinclude\motordesk_front.php:42
filterwpseo_opengraph_titleinclude\motordesk_front.php:43
filterwpseo_twitter_imageinclude\motordesk_front.php:44
actioninitmotordesk.php:44
actionupgrader_process_completemotordesk.php:46
actioninitmotordesk.php:54
actioninitmotordesk.php:62
Maintenance & Trust

MotorDesk Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 2, 2025
PHP min version6.0
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

MotorDesk Alternatives

No alternatives data available yet.

Developer Profile

MotorDesk Developer Profile

MotorDesk

1 plugin · 20 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MotorDesk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/motordesk/js/motordesk.js/wp-content/plugins/motordesk/css/motordesk.css
Script Paths
/wp-content/plugins/motordesk/js/motordesk.js
Version Parameters
motordesk/motordesk.css?ver=motordesk/motordesk.js?ver=

HTML / DOM Fingerprints

Shortcode Output
[MOTORDESK][MOTORDESK-LATEST][MOTORDESK-SEARCH][MOTORDESK-SOLD]
FAQ

Frequently Asked Questions about MotorDesk