VikRentCar Car Rental Management System Security & Risk Analysis

wordpress.org/plugins/vikrentcar

Robust Car Rental Management System for any kind of vehicle. The most reliable booking solution for managing vehicle rentals through your website.

4K active installs · v1.4.5 · PHP 7.1+ · WP 4.7+ · Updated Dec 3, 2025
Tags: car-rental, rent-a-car, rental-management, vehicles, vehicles-booking
Score: 82 (B · Generally Safe)
CVEs total: 9
Unpatched: 0
Last CVE: Dec 1, 2025
Safety Verdict

Is VikRentCar Car Rental Management System Safe to Use in 2026?

Mostly Safe

Score 82/100

VikRentCar Car Rental Management System is generally safe to use. 9 past CVEs were resolved. Keep it updated.

9 known CVEs · Last CVE: Dec 1, 2025 · Updated 4mo ago
Risk Assessment

The vikrentcar plugin version 1.4.5 presents a mixed security posture. It shows some good practices, such as using prepared statements for the majority of SQL queries and escaping a good number of outputs, but significant concerns remain. The presence of an unprotected AJAX handler drastically increases the attack surface and poses a direct risk of unauthorized actions. Furthermore, only 13% of outputs are properly escaped, which indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities in the plugin's frontend. This is compounded by a history of 9 known CVEs, including critical and high severity issues like SQL Injection, CSRF, and XSS, with the last vulnerability reported in late 2025. This history suggests a recurring pattern of security weaknesses that have not been fully addressed.

While the lack of critical taint analysis findings and the absence of unpatched CVEs are positive indicators, they do not negate the immediate risks identified in the static analysis. The unprotected AJAX endpoint is a critical vulnerability that needs immediate attention. The low percentage of properly escaped output also suggests that numerous XSS vulnerabilities are likely present and exploitable. The plugin's historical vulnerability pattern, including various types of critical and high-severity issues, indicates a need for more rigorous security development practices to prevent future occurrences. The reliance on outdated bundled libraries like TCPDF v1.0.004 and jQuery v1.11.1 also introduces potential risks if vulnerabilities exist within those older versions.

In conclusion, vikrentcar v1.4.5 has some foundational security elements in place, but these are overshadowed by significant immediate risks in its attack surface and output escaping. The plugin's past vulnerability record further elevates the concern, suggesting a need for a comprehensive security review and remediation. Users should exercise extreme caution and prioritize patching or seeking secure alternatives.

Key Concerns

  • Unprotected AJAX handler found
  • Low percentage of properly escaped outputs
  • No nonce checks on entry points
  • No capability checks on entry points
  • Bundled outdated TCPDF library
  • Bundled outdated jQuery library
  • History of 9 CVEs (1 critical, 3 high)
Vulnerabilities: 9

VikRentCar Car Rental Management System Security Vulnerabilities

CVEs by Year

  • 2021: 2 CVEs
  • 2023: 1 CVE
  • 2024: 3 CVEs
  • 2025: 3 CVEs

Severity Breakdown

  • Critical: 1
  • High: 3
  • Medium: 5

9 total CVEs

CVE-2025-13724 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter

Dec 1, 2025 · Patched in 1.4.5 (1d)

CVE-2025-5322 · high · 7.2 · Unrestricted Upload of File with Dangerous Type

VikRentCar Car Rental Management System <= 1.4.3 - Authenticated (Administrator+) Arbitrary File Upload

Jul 3, 2025 · Patched in 1.4.4 (1d)

CVE-2024-11640 · high · 8.8 · Cross-Site Request Forgery (CSRF)

VikRentCar Car Rental Management System <= 1.4.2 - Cross-Site Request Forgery to Authenticated (Subscriber+) Arbitrary File Upload

Mar 7, 2025 · Patched in 1.4.3 (1d)

CVE-2024-39653 · critical · 10 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

VikRentCar <= 1.4.0 - Unauthenticated SQL Injection

Aug 1, 2024 · Patched in 1.4.1 (7d)

CVE-2024-1845 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

VikRentCar Car Rental Management System <= 1.3.1 - Cross-Site Request Forgery

Jul 20, 2024 · Patched in 1.3.2 (4d)

CVE-2024-32780 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

VikRentCar Car Rental Management System <= 1.3.2 - Information Exposure

Apr 22, 2024 · Patched in 1.3.3 (9d)

CVE-2023-23998 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VikRentCar Car Rental Management System <= 1.3.0 - Authenticated (Admin+) Cross Site Scripting

Jan 20, 2023 · Patched in 1.3.1 (368d)

CVE-2021-24519 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

VikRentCar Car Rental Management System < 1.1.10 - Authenticated (Admin+) Stored Cross-Site Scripting

Jul 19, 2021 · Patched in 1.1.10 (918d)

CVE-2021-24388 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Vik Rent Car <= 1.1.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Jun 14, 2021 · Patched in 1.1.7 (953d)

Code Analysis
Analyzed Mar 16, 2026

VikRentCar Car Rental Management System Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (6 prepared)
  • Unescaped Output: 3099 (483 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 118
  • External Requests: 2
  • Bundled Libraries: 5

Bundled Libraries

  • PHPMailer
  • TinyMCE
  • Select2
  • TCPDF 1.0.004
  • jQuery 1.11.1

SQL Query Safety

75% prepared · 8 total queries

Output Escaping

13% escaped · 3582 total outputs

Attack Surface: 1 unprotected

VikRentCar Car Rental Management System Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers 1

  • auth · wp_ajax_vikrentcar · vikrentcar.php:197

Shortcodes 1

  • [vikrentcar] · vikrentcar.php:212

WordPress Hooks 35

  • action · admin_enqueue_scripts · admin\helpers\jv_helper.php:534
  • action · init · vikrentcar.php:27
  • action · automatic_updates_complete · vikrentcar.php:37
  • filter · auto_update_plugin · vikrentcar.php:49
  • action · in_plugin_update_message-vikrentcar/vikrentcar.php · vikrentcar.php:65
  • action · plugins_loaded · vikrentcar.php:75
  • action · plugins_loaded · vikrentcar.php:78
  • action · current_screen · vikrentcar.php:84
  • filter · set-screen-option · vikrentcar.php:85
  • filter · set_screen_option_vikrentcar_list_limit · vikrentcar.php:93
  • action · init · vikrentcar.php:96
  • action · wp_logout · vikrentcar.php:97
  • action · plugins_loaded · vikrentcar.php:100
  • action · init · vikrentcar.php:146
  • action · admin_menu · vikrentcar.php:206
  • action · widgets_init · vikrentcar.php:209
  • action · vikrentcar_before_dispatch · vikrentcar.php:256
  • filter · vik_date_default_timezone · vikrentcar.php:304
  • action · vikrentcar_after_dispatch · vikrentcar.php:310
  • action · admin_post_vikrentcar · vikrentcar.php:335
  • action · admin_post_nopriv_vikrentcar · vikrentcar.php:336
  • action · save_post · vikrentcar.php:348
  • action · trashed_post · vikrentcar.php:420
  • action · untrashed_post · vikrentcar.php:440
  • action · deleted_post · vikrentcar.php:460
  • filter · mce_buttons · vikrentcar.php:494
  • filter · mce_external_plugins · vikrentcar.php:497
  • action · init · vikrentcar.php:506
  • action · deleted_blog · vikrentcar.php:517
  • action · plugins_loaded · vikrentcar.php:531
  • filter · plugin_action_links · vikrentcar.php:546
  • action · vik_widget_before_dispatch_site · vikrentcar.php:556
  • action · vik_widget_after_dispatch_site · vikrentcar.php:570
  • filter · vik_plugin_load_language · vikrentcar.php:589
  • filter · run_wptexturize · vikrentcar.php:613

Maintenance & Trust

VikRentCar Car Rental Management System Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Dec 3, 2025
  • PHP min version: 7.1
  • Downloads: 76K

Community Trust

  • Rating: 96/100
  • Number of ratings: 30
  • Active installs: 4K

Developer Profile

VikRentCar Car Rental Management System Developer Profile

e4jvikwp

7 plugins · 16K total installs

  • Trust score: 72
  • Avg Security Score: 90/100
  • Avg Patch Time: 244 days

Detection Fingerprints

How We Detect VikRentCar Car Rental Management System

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/vikrentcar/admin/assets/css/vikrentcar-backend.css
  • /wp-content/plugins/vikrentcar/admin/assets/css/vikrentcar-jquery.css
  • /wp-content/plugins/vikrentcar/admin/assets/css/vikrentcar-layout.css
  • /wp-content/plugins/vikrentcar/admin/assets/css/vikrentcar-rtl.css
  • /wp-content/plugins/vikrentcar/admin/assets/css/vikrentcar-typography.css
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-backend.js
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-jquery.js
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-plugins.js
  • +9 more

Script Paths

  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-backend.js
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-jquery.js
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-plugins.js
  • /wp-content/plugins/vikrentcar/admin/assets/js/vikrentcar-script.js
  • /wp-content/plugins/vikrentcar/site/assets/js/vikrentcar-frontend.js
  • /wp-content/plugins/vikrentcar/site/assets/js/vikrentcar-jquery.js
  • +2 more

Version Parameters

  • vikrentcar/admin/assets/css/vikrentcar-backend.css?ver=
  • vikrentcar/admin/assets/css/vikrentcar-jquery.css?ver=
  • vikrentcar/admin/assets/css/vikrentcar-layout.css?ver=
  • vikrentcar/admin/assets/css/vikrentcar-rtl.css?ver=
  • vikrentcar/admin/assets/css/vikrentcar-typography.css?ver=
  • vikrentcar/admin/assets/js/vikrentcar-backend.js?ver=
  • vikrentcar/admin/assets/js/vikrentcar-jquery.js?ver=
  • vikrentcar/admin/assets/js/vikrentcar-plugins.js?ver=
  • vikrentcar/admin/assets/js/vikrentcar-script.js?ver=
  • vikrentcar/site/assets/css/vikrentcar-frontend.css?ver=
  • vikrentcar/site/assets/css/vikrentcar-layout.css?ver=
  • vikrentcar/site/assets/css/vikrentcar-rtl.css?ver=
  • vikrentcar/site/assets/css/vikrentcar-typography.css?ver=
  • vikrentcar/site/assets/js/vikrentcar-frontend.js?ver=
  • vikrentcar/site/assets/js/vikrentcar-jquery.js?ver=
  • vikrentcar/site/assets/js/vikrentcar-plugins.js?ver=
  • vikrentcar/site/assets/js/vikrentcar-script.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • vikrentcar-backend
  • vikrentcar-frontend
  • vikrentcar-layout
  • vikrentcar-typography
  • vikrentcar-rtl

Data Attributes

  • data-option="com_vikrentcar"
  • data-view="vikrentcar"

JS Globals

  • Joomla

Shortcode Output

  • [vikrentcar]