Does ReCRM have any unpatched vulnerabilities?

No. All known vulnerabilities in ReCRM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is ReCRM compatible with WordPress 4.9.29?

According to WordPress.org data, ReCRM 1.1.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is ReCRM compatible with PHP 7.0+?

ReCRM requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is ReCRM updated?

ReCRM was last updated on Unknown. Frequent updates are generally a positive security signal.

What is ReCRM's security score?

ReCRM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ReCRM Security & Risk Analysis

wordpress.org/plugins/recrm

Импорт объектов недвижимости и агентов из ReCRM

10 active installs v1.1.3 PHP 7.0+ WP 4.9+ Updated Unknown

estaterecrm

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is ReCRM Safe to Use in 2026?

Generally Safe

Score 100/100

ReCRM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "recrm" plugin v1.1.3 demonstrates some promising security practices, particularly in its limited attack surface and the absence of known historical vulnerabilities. The static analysis shows no AJAX handlers, REST API routes, or shortcodes without authentication checks, and a low overall number of entry points, which is a positive indicator. Furthermore, the lack of external HTTP requests and no recorded CVEs suggests a relatively stable and well-maintained codebase. However, several significant concerns warrant attention. The presence of the `unserialize` function, especially without clear sanitization or robust input validation, poses a substantial risk for object injection vulnerabilities if the plugin handles user-supplied data for unserialization. The low percentage of properly escaped outputs and the absence of nonce checks and capability checks on potential entry points like cron events also introduce potential cross-site scripting (XSS) and privilege escalation risks. The SQL query practice, while not entirely poor, could be improved with a higher percentage of prepared statements to mitigate SQL injection risks.

Key Concerns

Dangerous function 'unserialize' present
No nonce checks found
No capability checks found
Low percentage of properly escaped output
Only 60% of SQL queries use prepared statements
Cron events present without clear auth/checks

Vulnerabilities

None known

ReCRM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

ReCRM Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$res = unserialize(base64_decode(file_get_contents($file)));includes\class-recrm-import-2-file.php:47

unserialize$entity_gallery = is_serialized($entity_gallery) ? unserialize($entity_gallery) : $entity_gallery;includes\class-recrm-store.php:110

unserialize$item_images = is_serialized($item_images) ? unserialize($item_images) : $item_images;includes\class-recrm-store.php:148

unserialize$item_images = is_serialized($item_images) ? unserialize($item_images) : $item_images;includes\class-recrm-store.php:196

SQL Query Safety

60% prepared5 total queries

Output Escaping

57% escaped7 total outputs

Attack Surface

ReCRM Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 15

actionplugins_loadedincludes\class-recrm.php:185

actionplugins_loadedincludes\class-recrm.php:186

actionadmin_enqueue_scriptsincludes\class-recrm.php:201

actionadmin_enqueue_scriptsincludes\class-recrm.php:202

actionadmin_menuincludes\class-recrm.php:203

actionadmin_initincludes\class-recrm.php:204

actionadmin_initincludes\class-recrm.php:205

actionadmin_initincludes\class-recrm.php:206

actionadd_meta_boxesincludes\class-recrm.php:207

actioninitincludes\class-recrm.php:223

actioninitincludes\class-recrm.php:224

filtergenerate_rewrite_rulesincludes\class-recrm.php:225

filterpost_type_linkincludes\class-recrm.php:226

filtercron_schedulesincludes\class-recrm.php:230

actionrecrm_cron_importincludes\class-recrm.php:233

Scheduled Events 1

recrm_cron_import

Maintenance & Trust

ReCRM Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedUnknown

PHP min version7.0

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

ReCRM Alternatives

Estatik Real Estate Plugin

estatik

You will love its clean design, simple use, and colorful themes. WordPress real estate plugin Estatik is a worthy choice for single agents and portals

10K 2 unpatched