Professional vehicle management for WordPress. Perfect for car dealerships with advanced filtering and contact forms.

10 active installs · v4.1.6 · PHP 8.0+ · WP 6.0+ · Updated Dec 29, 2025
Tags: automotive, cars, dealership, inventory, vehicles
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Vehizo Safe to Use in 2026?

Generally Safe

Score 100/100

Vehizo has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The "vehizo-vehicle-management" v4.1.6 plugin has a generally good security posture: a high percentage of its SQL statements are prepared and most of its output is properly escaped, both strong indicators of secure coding practices, and a substantial number of nonce and capability checks reinforce this. However, static analysis found one AJAX handler that lacks authentication checks, which creates a direct entry point for unauthorized actions if exploited. In addition, taint analysis identified one flow with an unsanitized path, flagged as high severity, which could potentially lead to vulnerabilities such as arbitrary file reads or path traversal if not handled carefully by developers.

The plugin's vulnerability history is clean, with zero recorded CVEs. This is a positive sign, suggesting either diligent security attention or fortunate avoidance of exploitable flaws, but a clean history does not guarantee future security, especially given the code-level weaknesses identified above. The plugin's strengths are its consistent use of standard WordPress security mechanisms such as prepared statements and output escaping. Its primary weakness is the unprotected AJAX endpoint, a common vector for exploitation, which combined with the high-severity taint flow presents a tangible risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized path flow
Vulnerabilities
None known

Vehizo Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Vehizo Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (28 prepared)
Unescaped Output: 34 (683 escaped)
Nonce Checks: 35
Capability Checks: 32
File Operations: 10
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

93% prepared · 30 total queries

Output Escaping

95% escaped · 717 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

14 flows · 1 with unsanitized paths
handle_ajax_toggle_module (includes\class-admin-ui.php:268)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Vehizo Attack Surface

Entry Points: 33
Unprotected: 1

AJAX Handlers 30

auth wp_ajax_vehizo_toggle_module_status includes\class-admin-ui.php:36
auth wp_ajax_vehizo_save_module_setting includes\class-admin-ui.php:37
auth wp_ajax_vehizo_get_module_setting includes\class-admin-ui.php:38
auth wp_ajax_vehizo_update_vehicle_status includes\class-admin-ui.php:40
auth wp_ajax_vehizo_autosave_vehicle includes\class-admin-vehicle-editor.php:46
auth wp_ajax_vehizo_save_gallery_order includes\class-admin-vehicle-editor.php:49
auth wp_ajax_vehizo_save_tab_data includes\class-admin-vehicle-editor.php:52
auth wp_ajax_vehizo_reset_appearance_settings includes\class-filter-settings.php:441
auth wp_ajax_vehizo_export_appearance_settings includes\class-filter-settings.php:442
auth wp_ajax_vehizo_import_appearance_settings includes\class-filter-settings.php:443
auth wp_ajax_vehizo_save_customizer includes\class-frontend-customizer.php:35
auth wp_ajax_vehizo_reset_customizer includes\class-frontend-customizer.php:36
auth wp_ajax_vehizo_theme_preset includes\class-frontend-customizer.php:37
auth wp_ajax_vehizo_manual_import includes\class-mobile-importer.php:60
auth wp_ajax_vehizo_test_api includes\class-mobile-importer.php:61
auth wp_ajax_vehizo_toggle_module_status includes\class-modules.php:34
auth wp_ajax_vehizo_get_module_setting includes\class-modules.php:35
auth wp_ajax_vehizo_save_module_setting includes\class-modules.php:36
auth wp_ajax_vehizo_get_models_for_make includes\class-shortcode-vehicles.php:29
nopriv wp_ajax_vehizo_get_models_for_make includes\class-shortcode-vehicles.php:30
auth wp_ajax_vehizo_filter_vehicles includes\class-shortcode-vehicles.php:32
nopriv wp_ajax_vehizo_filter_vehicles includes\class-shortcode-vehicles.php:33
auth wp_ajax_vehizo_track_inquiry includes\class-statistics-module.php:31
nopriv wp_ajax_vehizo_track_inquiry includes\class-statistics-module.php:32
nopriv wp_ajax_vehizo_get_wishlist_vehicles includes\class-wishlist-module.php:42
auth wp_ajax_vehizo_get_wishlist_vehicles includes\class-wishlist-module.php:43
auth wp_ajax_vehizo_wishlist_stats includes\class-wishlist-module.php:632
auth wp_ajax_vehizo_send_contact_form vehizo-vehicle-management.php:658
nopriv wp_ajax_vehizo_send_contact_form vehizo-vehicle-management.php:659
auth wp_ajax_vehizo_toggle_module_status vehizo-vehicle-management.php:1012

Shortcodes 3

[vehizo_vehicles] includes\class-shortcode-vehicles.php:25
[vehizo_filter] includes\class-shortcode-vehicles.php:26
[vehizo_wishlist] includes\class-wishlist-module.php:41

WordPress Hooks 69

action admin_menu includes\class-admin-ui.php:30
action admin_enqueue_scripts includes\class-admin-ui.php:31
action admin_init includes\class-admin-ui.php:32
action admin_init includes\class-admin-ui.php:33
action admin_init includes\class-admin-ui.php:34
action admin_init includes\class-admin-ui.php:39
action admin_post_vehizo_bulk_delete_vehicles includes\class-admin-ui.php:41
action admin_enqueue_scripts includes\class-admin-vehicle-editor.php:43
action admin_post_vehizo_save_vehicle includes\class-admin-vehicle-editor.php:55
action admin_post_vehizo_emergency_upload includes\class-admin-vehicle-editor.php:58
action admin_post_vehizo_delete_vehicle includes\class-admin-vehicle-editor.php:61
action add_meta_boxes includes\class-admin-vehicle-editor.php:64
action save_post_vehizo_vehicle includes\class-admin-vehicle-editor.php:65
action save_post_vehizo_vehicle includes\class-admin-vehicle-editor.php:66
action save_post_vehizo_vehicle includes\class-admin-vehicle-editor.php:150
action save_post_vehizo_vehicle includes\class-admin-vehicle-editor.php:151
action admin_init includes\class-filter-settings.php:34
action admin_enqueue_scripts includes\class-filter-settings.php:35
filter vehizo_dashboard_tabs includes\class-frontend-customizer.php:31
action vehizo_render_dashboard_tab_customizer includes\class-frontend-customizer.php:32
action admin_enqueue_scripts includes\class-frontend-customizer.php:34
filter vehizo_dynamic_css_refactored includes\class-frontend-customizer.php:40
filter vehizo_dashboard_tabs includes\class-info-tab.php:31
action vehizo_render_dashboard_tab_info includes\class-info-tab.php:34
action admin_enqueue_scripts includes\class-info-tab.php:37
action admin_enqueue_scripts includes\class-mobile-importer.php:57
action admin_enqueue_scripts includes\class-modules.php:39
action init includes\class-modules.php:660
action admin_enqueue_scripts includes\class-pro-tab-loader.php:30
action vehizo_render_dashboard_tab_pro includes\class-pro-tab-loader.php:33
filter vehizo_vehicle_editor_tabs includes\class-seo-module.php:33
action vehizo_vehicle_editor_tab_content includes\class-seo-module.php:36
filter vehizo_allowed_meta_fields includes\class-seo-module.php:39
action admin_enqueue_scripts includes\class-seo-module.php:42
filter body_class includes\class-shortcode-vehicles.php:27
action plugins_loaded includes\class-shortcode-vehicles.php:590
filter vehizo_dashboard_tabs includes\class-statistics-module.php:24
action vehizo_render_dashboard_tab_statistics includes\class-statistics-module.php:25
action wp includes\class-statistics-module.php:28
action wp_enqueue_scripts includes\class-statistics-module.php:35
action admin_enqueue_scripts includes\class-statistics-module.php:38
action admin_enqueue_scripts includes\class-wishlist-module.php:40
action vehizo_single_vehicle_actions includes\class-wishlist-module.php:47
action vehizo_cleanup_wishlist includes\class-wishlist-module.php:50
action init includes\class-wishlist-module.php:698
action wp_dashboard_setup includes\class-wishlist-module.php:702
action init includes\class-wishlist-module.php:703
action plugins_loaded includes\seo-module-loader.php:20
action wp_head includes\seo-module-loader.php:28
action init vehizo-vehicle-management.php:54
action plugins_loaded vehizo-vehicle-management.php:59
action init vehizo-vehicle-management.php:70
action wp_head vehizo-vehicle-management.php:99
action init vehizo-vehicle-management.php:107
action wp_enqueue_scripts vehizo-vehicle-management.php:195
action wp_head vehizo-vehicle-management.php:317
filter template_include vehizo-vehicle-management.php:467
action wp_enqueue_scripts vehizo-vehicle-management.php:480
action vehizo_after_single_vehicle_content vehizo-vehicle-management.php:535
action wp_footer vehizo-vehicle-management.php:536
action vehizo_single_vehicle_actions vehizo-vehicle-management.php:555
action admin_init vehizo-vehicle-management.php:906
action admin_notices vehizo-vehicle-management.php:912
action save_post_vehizo_vehicle vehizo-vehicle-management.php:923
filter manage_vehizo_vehicle_posts_columns vehizo-vehicle-management.php:995
action manage_vehizo_vehicle_posts_custom_column vehizo-vehicle-management.php:1000
filter get_edit_post_link vehizo-vehicle-management.php:1016
action vehizo_module_status_changed vehizo-vehicle-management.php:1032
action vehizo_single_vehicle_actions vehizo-vehicle-management.php:1042

Scheduled Events 1

vehizo_cleanup_old_vehicles
Maintenance & Trust

Vehizo Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 29, 2025
PHP min version: 8.0
Downloads: 283

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Vehizo Developer Profile

Thorsten Glander

2 plugins · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Vehizo

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/vehizo-vehicle-management/assets/css/vehizo-frontend.css
/wp-content/plugins/vehizo-vehicle-management/assets/css/vehizo-frontend-customizer.css
/wp-content/plugins/vehizo-vehicle-management/assets/js/vehizo-frontend.js
/wp-content/plugins/vehizo-vehicle-management/assets/js/vehizo-wishlist.js
/wp-content/plugins/vehizo-vehicle-management/assets/js/vehizo-statistics.js
Version Parameters
vehizo-vehicle-management/assets/css/vehizo-frontend.css?ver=
vehizo-vehicle-management/assets/css/vehizo-frontend-customizer.css?ver=
vehizo-vehicle-management/assets/js/vehizo-frontend.js?ver=
vehizo-vehicle-management/assets/js/vehizo-wishlist.js?ver=
vehizo-vehicle-management/assets/js/vehizo-statistics.js?ver=

HTML / DOM Fingerprints

CSS Classes
vehizo-frontend-styles
vehizo-vehicle-listing
vehizo-vehicle-single
vehizo-vehicle-filter
vehizo-wishlist-button
vehizo-wishlist-added
HTML Comments
<!-- Vehizo Vehicle Management Plugin -->
<!-- Developed by Thorsten Glander (Wuemme Media) -->
Data Attributes
data-vehizo-wishlist-id
data-vehizo-vehicle-id
JS Globals
vehizoFrontendParams
vehizoWishlistParams
REST Endpoints
/wp-json/vehizo/v1/vehicles
/wp-json/vehizo/v1/vehicle
/wp-json/vehizo/v1/wishlist
Shortcode Output
[vehizo_vehicles
[vehizo_vehicle_details
[vehizo_search_form