Tussendoor – Open RDW Security & Risk Analysis

wordpress.org/plugins/open-rdw-kenteken-voertuiginformatie

Retrieve license plate / vehicle information from OpenRDW with the Open RDW Kenteken plugin.

600 active installs · v5.3.0 · PHP 8.1+ · WP 6.5+ · Updated Mar 27, 2025
Tags: kenteken, kentekeninformatie, rdw, tussendoor, voertuig

Score: 92 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Mar 17, 2023
Safety Verdict

Is Tussendoor – Open RDW Safe to Use in 2026?

Generally Safe

Score 92/100

Tussendoor – Open RDW has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 17, 2023 · Updated 1yr ago
Risk Assessment

The "open-rdw-kenteken-voertuiginformatie" plugin, version 5.3.0, presents a mixed security posture. On the positive side, it uses prepared statements for all SQL queries and escapes a high percentage of its output (78%), which mitigates common injection vulnerabilities. The absence of critical or high-severity taint flows is also reassuring.

However, the attack surface raises significant concerns. The plugin exposes two AJAX handlers without any authentication or capability checks, giving unauthenticated users a direct path to potentially sensitive functionality. The lack of nonce checks on these handlers compounds the risk, leaving them open to Cross-Site Request Forgery (CSRF). While there are no currently unpatched CVEs, the plugin has a history of Cross-Site Scripting (XSS) vulnerabilities, the most recent in March 2023. Combined with the current lack of input validation on the AJAX handlers, this recurring pattern points to a potential for new XSS flaws.

In conclusion, while the plugin is strong in its database query handling and output escaping, the unprotected AJAX endpoints are a critical weakness that requires immediate attention. The historical XSS vulnerabilities, coupled with the current lack of input validation on these entry points, make it susceptible to further exploitation. Protecting these entry points with proper authorization and nonce checks is the most important step toward improving its security.

Key Concerns

  • Unprotected AJAX handlers (2)
  • Missing nonce checks on AJAX handlers
  • Known past XSS vulnerability
  • 78% output escaping (some unescaped)
Vulnerabilities (1)

Tussendoor – Open RDW Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2022-47431 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Open RDW kenteken voertuiginformatie <= 2.0.14 - Reflected Cross-Site Scripting via open_data_rdw_kenteken

Mar 17, 2023 · Patched in 2.1.0 (312 days)
Code Analysis
Analyzed Mar 16, 2026

Tussendoor – Open RDW Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 42 (149 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 8
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

TinyMCE

Output Escaping

78% escaped · 191 total outputs
Data Flows (2 unsanitized)

Data Flow Analysis

4 flows · 2 with unsanitized paths
saveFormatters (admin\AdminDashboard.php:257)
Attack Surface (2 unprotected)

Tussendoor – Open RDW Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

auth · wp_ajax_rdw_save_changes · admin\AdminDashboard.php:52
auth · wp_ajax_open-rdw-notice-dismiss · admin\AdminDashboard.php:60
WordPress Hooks (50)

filter · https_ssl_verify · admin\AdminDashboard.php:47
action · wp_enqueue_scripts · admin\AdminDashboard.php:54
filter · mce_buttons · admin\AdminDashboard.php:55
filter · mce_external_plugins · admin\AdminDashboard.php:56
action · admin_notices · admin\AdminDashboard.php:58
action · admin_notices · admin\AdminDashboard.php:332
action · wpcf7_init · admin\partials\ContactForm7.php:27
action · wpcf7_admin_init · admin\partials\ContactForm7.php:28
filter · wpcf7_validate_open_rdw · admin\partials\ContactForm7.php:30
filter · wpcf7_validate_open_rdw* · admin\partials\ContactForm7.php:31
action · gform_field_standard_settings · admin\partials\GravityForms.php:19
action · gform_editor_js · admin\partials\GravityForms.php:20
filter · gform_tooltips · admin\partials\GravityForms.php:21
filter · wpforms_field_properties_text · admin\partials\WPForm.php:29
action · wpforms_frontend_js · admin\partials\WPForm.php:30
filter · wpforms_field_properties_text · admin\partials\WPFormData.php:29
filter · https_ssl_verify · app\Api.php:16
filter · https_ssl_verify · app\Config.php:45
action · all_admin_notices · app\Helpers\Notice.php:251
action · all_admin_notices · app\Helpers\Notice.php:287
filter · wp_kses_allowed_html · app\Http\Controllers\PluginController.php:37
filter · script_loader_tag · app\Http\Controllers\PluginController.php:38
filter · plugin_action_links · app\Http\Controllers\PluginController.php:39
action · init · app\Http\Controllers\PluginController.php:60
action · admin_enqueue_scripts · app\Http\Controllers\SettingsController.php:26
filter · https_ssl_verify · app\Http\Controllers\SettingsController.php:106
filter · https_ssl_verify · app\Http\Controllers\SettingsController.php:161
action · init · app\Http\Kernel.php:139
action · admin_enqueue_scripts · app\Http\Kernel.php:168
action · admin_enqueue_scripts · app\Http\Kernel.php:169
action · wp_enqueue_scripts · app\Http\Kernel.php:188
action · wp_enqueue_scripts · app\Http\Kernel.php:189
filter · ninja_forms_register_fields · app\Http\Kernel.php:231
filter · ninja_forms_field_template_file_paths · app\Http\Kernel.php:232
action · nf_admin_enqueue_scripts · app\Http\Kernel.php:233
action · init · app\Includes\Language.php:27
action · wpcf7_init · app\Services\ContactForm7.php:13
action · wpcf7_admin_init · app\Services\ContactForm7.php:14
filter · wpcf7_validate_open_rdw · app\Services\ContactForm7.php:16
filter · wpcf7_validate_open_rdw* · app\Services\ContactForm7.php:17
action · gform_field_standard_settings · app\Services\GrafityForms.php:15
action · gform_editor_js · app\Services\GrafityForms.php:16
filter · gform_tooltips · app\Services\GrafityForms.php:17
action · puc_api_error · app\Updater.php:67
filter · tussendoor_bol_dashboard_navigation_items · builders\DashboardItemBuilder.php:124
filter · tussendoor_bol_dashboard_panels · builders\DashboardItemBuilder.php:134
action · activated_plugin · plugin-gratis-open-rdw-kenteken-voertuiginformatie.php:70
action · admin_menu · routes\DashboardRouter.php:38
action · admin_enqueue_scripts · routes\DashboardRouter.php:39
action · widgets_init · routes\DashboardRouter.php:40
Maintenance & Trust

Tussendoor – Open RDW Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 27, 2025
PHP min version: 8.1
Downloads: 18K

Community Trust

Rating: 66/100
Number of ratings: 4
Active installs: 600
Developer Profile

Tussendoor – Open RDW Developer Profile

Tussendoor B.V.

4 plugins · 1K total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 312 days
Detection Fingerprints

How We Detect Tussendoor – Open RDW

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/public/css/style.css
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/public/js/public.js
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/admin/css/admin.css
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/admin/js/admin.js

Script Paths
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/public/js/public.js
/wp-content/plugins/open-rdw-kenteken-voertuiginformatie/admin/js/admin.js

Version Parameters
open-rdw-kenteken-voertuiginformatie/public/css/style.css?ver=
open-rdw-kenteken-voertuiginformatie/public/js/public.js?ver=
open-rdw-kenteken-voertuiginformatie/admin/css/admin.css?ver=
open-rdw-kenteken-voertuiginformatie/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
rdw-input-group, kenteken-input
Data Attributes
data-plugin-name="open-rdw-kenteken-voertuiginformatie"
JS Globals
openRDWConfig
Shortcode Output
[open_rdw], [open_rdw*]
FAQ

Frequently Asked Questions about Tussendoor – Open RDW