RentSyst – CRM solution for fleet management Security & Risk Analysis

wordpress.org/plugins/rentsyst

RentSyst is a plugin for the car rental business, designed to organize, optimize and simplify the work of the company.

100 active installs · v2.0.125 · PHP 7.0+ · WP 6.0+ · Updated Feb 20, 2026
Tags: business, car-rental, crm, management-system, vehicles
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Aug 7, 2025
Safety Verdict

Is RentSyst – CRM solution for fleet management Safe to Use in 2026?

Generally Safe

Score 98/100

RentSyst – CRM solution for fleet management has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Aug 7, 2025 · Updated 1mo ago
Risk Assessment

The "rentsyst" plugin v2.0.125 presents a mixed security posture. Its history contains no critical or high severity vulnerabilities, and the static analysis reports no dangerous functions or file operations, which are positive signs. Several findings are concerning, however. All of the REST API routes (4 out of 4) lack permission callbacks, and 64% of output is not properly escaped, which increases the risk of Cross-Site Scripting (XSS) vulnerabilities. Unsanitized paths appear in 50% of the analyzed taint flows; even without critical or high severity findings this warrants attention, as it suggests potential for path traversal or similar issues. The vulnerability history shows medium severity XSS and CSRF vulnerabilities, a recurring pattern that, although both are currently patched, calls for continued vigilance. The bundled outdated TinyMCE library is also a minor concern. Overall, while the plugin isn't riddled with critical flaws, the unescaped output, unprotected REST API routes, and past vulnerability trends point to a moderate risk profile that requires attention to mitigate potential attacks.

Key Concerns

  • REST API routes without permission callbacks
  • High percentage of unescaped output
  • Taint flows with unsanitized paths
  • Bundled outdated TinyMCE library
  • Medium severity CVEs in history

RentSyst – CRM solution for fleet management Security Vulnerabilities

CVEs by Year

2025: 2 CVEs

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-48152 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Rentsyst <= 2.0.100 - Reflected Cross-Site Scripting

Aug 7, 2025 Patched in 2.0.101 (5d)

CVE-2025-32501 · medium · 6.1 · Cross-Site Request Forgery (CSRF)

RentSyst <= 2.0.92 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Apr 9, 2025 Patched in 2.0.93 (65d)
Code Analysis
Analyzed Mar 16, 2026

RentSyst – CRM solution for fleet management Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2; 1 prepared
  • Unescaped Output: 211; 121 escaped
  • Nonce Checks: 4
  • Capability Checks: 6
  • File Operations: 0
  • External Requests: 2
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE 1.0

SQL Query Safety

33% prepared · 3 total queries

Output Escaping

36% escaped · 332 total outputs

Data Flow Analysis

10 flows · 5 with unsanitized paths
init (admin\class-rentsyst-admin.php:82)

RentSyst – CRM solution for fleet management Attack Surface

Entry Points: 32
Unprotected: 4

REST API Routes 4

POST /wp-json/rentsyst/v1/settings/save includes\class-rentsyst.php:171
GET /wp-json/rentsyst/v1/access-token includes\class-rentsyst.php:200
POST /wp-json/rentsyst/v1/settings/save includes\Rentsyst.php:147
GET /wp-json/rentsyst/v1/access-token site\Rentsyst_Site.php:38

Shortcodes 28

[rentsyst_booking] includes\shortcodes\booking.php:8
[rentsyst_search_form] includes\shortcodes\booking.php:47
[rentsyst_catalog_img] includes\shortcodes\catalog.php:10
[rentsyst_catalog_vehicle_link] includes\shortcodes\catalog.php:18
[rentsyst_catalog_vehicle_link_button] includes\shortcodes\catalog.php:26
[rentsyst_catalog_title] includes\shortcodes\catalog.php:34
[rentsyst_catalog_min_price] includes\shortcodes\catalog.php:42
[rentsyst_catalog_price] includes\shortcodes\catalog.php:53
[rentsyst_catalog_period_prices] includes\shortcodes\catalog.php:64
[rentsyst_catalog_category] includes\shortcodes\catalog.php:94
[rentsyst_catalog_transmission] includes\shortcodes\catalog.php:102
[rentsyst_catalog_passengers] includes\shortcodes\catalog.php:110
[rentsyst_catalog_luggage] includes\shortcodes\catalog.php:118
[rentsyst_catalog_body_type] includes\shortcodes\catalog.php:126
[rentsyst_catalog_year] includes\shortcodes\catalog.php:134
[rentsyst_catalog_vehicle_id] includes\shortcodes\catalog.php:142
[rentsyst_catalog_fuel] includes\shortcodes\catalog.php:150
[rentsyst_catalog_doors] includes\shortcodes\catalog.php:158
[rentsyst_catalog_color_badge] includes\shortcodes\catalog.php:166
[rentsyst_catalog_odometer] includes\shortcodes\catalog.php:174
[rentsyst_catalog_options] includes\shortcodes\catalog.php:182
[rentsyst_catalog_description] includes\shortcodes\catalog.php:200
[rentsyst_catalog_comments] includes\shortcodes\catalog.php:208
[rentsyst_catalog_slider] includes\shortcodes\catalog.php:217
[rentsyst_catalog_filter] includes\shortcodes\catalog.php:241
[rentsyst_catalog] includes\shortcodes\catalog.php:248
[rentsyst_company_currency] includes\shortcodes\company.php:7
[rentsyst_payment] includes\shortcodes\payment.php:5

WordPress Hooks 45

filter display_post_states admin\class-rentsyst-admin.php:89
filter pre_get_posts admin\components\Rentsyst_CatalogVehicles.php:153
action added_post_meta admin\components\Rentsyst_CatalogVehicles.php:348
action updated_post_meta admin\components\Rentsyst_CatalogVehicles.php:349
action init admin\components\Rentsyst_FormSearch_Widget.php:148
action enqueue_block_editor_assets admin\components\Rentsyst_FormSearch_Widget.php:150
action wp_print_scripts admin\components\Rentsyst_Widget.php:133
action init admin\components\Rentsyst_Widget.php:135
action enqueue_block_editor_assets admin\components\Rentsyst_Widget.php:137
filter display_post_states admin\Rentsyst_Admin.php:95
action admin_notices admin\Rentsyst_Admin.php:127
filter block_categories_all includes\blocks\index.php:3
action init includes\blocks\vehicle-characteristics\index.php:114
action init includes\blocks\vehicle-characteristics\index.php:116
action init includes\blocks\vehicle-detail-button\index.php:3
action init includes\blocks\vehicle-reservation-button\index.php:3
action plugins_loaded includes\class-rentsyst.php:146
action admin_enqueue_scripts includes\class-rentsyst.php:161
action admin_enqueue_scripts includes\class-rentsyst.php:162
action init includes\class-rentsyst.php:163
action admin_menu includes\class-rentsyst.php:164
action rest_api_init includes\class-rentsyst.php:170
action widgets_init includes\class-rentsyst.php:177
action init includes\class-rentsyst.php:193
action get_footer includes\class-rentsyst.php:194
action rest_api_init includes\class-rentsyst.php:199
action the_post includes\rentsyst-functions.php:61
action plugins_loaded includes\Rentsyst.php:122
action admin_enqueue_scripts includes\Rentsyst.php:137
action admin_enqueue_scripts includes\Rentsyst.php:138
action init includes\Rentsyst.php:139
action admin_menu includes\Rentsyst.php:140
action rest_api_init includes\Rentsyst.php:146
action widgets_init includes\Rentsyst.php:153
action init includes\Rentsyst.php:169
action get_footer includes\RS_Vehicle.php:41
filter the_content public\class-rentsyst-public.php:72
filter wp_list_pages_excludes public\class-rentsyst-public.php:130
action pre_get_posts public\class-rentsyst-public.php:132
action upgrader_process_complete rentsyst.php:80
filter the_content site\Rentsyst_CatalogContent.php:24
filter wp_list_pages_excludes site\Rentsyst_Site.php:26
action pre_get_posts site\Rentsyst_Site.php:28
action wp_footer site\Rentsyst_Site.php:35
action rest_api_init site\Rentsyst_Site.php:37

RentSyst – CRM solution for fleet management Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Feb 20, 2026
PHP min version: 7.0
Downloads: 20K

Community Trust

Rating: 86/100
Number of ratings: 3
Active installs: 100

RentSyst – CRM solution for fleet management Developer Profile

dimafreund

1 plugin · 100 total installs

Trust score: 87
Avg Security Score: 98/100
Avg Patch Time: 35 days

How We Detect RentSyst – CRM solution for fleet management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/rentsyst/admin/css/rentsyst-admin.css
/wp-content/plugins/rentsyst/resources/css/fico.css
/wp-content/plugins/rentsyst/resources/css/swiper.css
/wp-content/plugins/rentsyst/resources/static/css/2.chunk.css
Script Paths
/wp-content/plugins/rentsyst/admin/js/rentsyst-admin.js
/wp-content/plugins/rentsyst/resources/js/rentsyst.js
/wp-content/plugins/rentsyst/resources/js/swiper.js
/wp-content/plugins/rentsyst/resources/static/js/2.chunk.js
Version Parameters
rentsyst/admin/css/rentsyst-admin.css?ver=
rentsyst/resources/css/fico.css?ver=
rentsyst/resources/css/swiper.css?ver=
rentsyst/resources/static/css/2.chunk.css?ver=
rentsyst/admin/js/rentsyst-admin.js?ver=
rentsyst/resources/js/rentsyst.js?ver=
rentsyst/resources/js/swiper.js?ver=
rentsyst/resources/static/js/2.chunk.js?ver=

HTML / DOM Fingerprints

CSS Classes
rentsyst_booking_page
single-vehicle
catalog
Data Attributes
data-rentsyst-init
JS Globals
rentsyst_admin_params
Shortcode Output
[rentsyst_booking] [rentsyst_payment] [rentsyst_catalog] [rentsyst_company]

Frequently Asked Questions about RentSyst – CRM solution for fleet management