Board Document Manager from CHUHPL Security & Risk Analysis

wordpress.org/plugins/board-document-manager-from-chuhpl

A simple management system for Board Meeting agendas and meeting minutes.

10 active installs v1.9.1 PHP + WP + Updated Apr 24, 2023
boarddocumentslibrary
64
C · Use Caution
CVEs total1
Unpatched1
Last CVEDec 5, 2024
Safety Verdict

Is Board Document Manager from CHUHPL Safe to Use in 2026?

Use With Caution

Score 64/100

Board Document Manager from CHUHPL has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Dec 5, 2024Updated 3yr ago
Risk Assessment

The plugin "board-document-manager-from-chuhpl" v1.9.1 presents a mixed security posture. While it boasts a small attack surface and no known critical or high severity vulnerabilities stemming from the static analysis, significant concerns arise from the code quality and its vulnerability history. The low percentage of properly escaped output (7%) and the presence of unsanitized paths in taint analysis, including one high severity flow, indicate potential for cross-site scripting (XSS) or other input validation vulnerabilities. The lack of any nonce or capability checks on the identified entry points further exacerbates these risks, as any user could potentially interact with these functionalities without proper authorization or protection. The vulnerability history, which includes a medium severity XSS vulnerability last patched in late 2024, reinforces these concerns, suggesting a pattern of insecure coding practices that have led to exploitable issues. Despite its limited attack surface, the poor output escaping and taint flow issues, coupled with past vulnerabilities, suggest a need for significant code review and remediation to improve its overall security.

Key Concerns

  • Unpatched CVE (medium severity)
  • High severity taint flow with unsanitized path
  • Low output escaping percentage (7%)
  • 0 Nonce checks on entry points
  • 0 Capability checks on entry points
  • Unsanitized paths found in taint analysis
  • Low percentage of prepared SQL statements (73%)
Vulnerabilities
1 published

Board Document Manager from CHUHPL Security Vulnerabilities

CVEs by Year

1 CVE in 2024 · unpatched
2024
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2024-54238medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Board Document Manager from CHUHPL <= 1.9.1 - Reflected Cross-Site Scripting

Dec 5, 2024Unpatched
Version History

Board Document Manager from CHUHPL Release Timeline

v1.81 CVE
v1.71 CVE
Code Analysis
Analyzed Mar 17, 2026

Board Document Manager from CHUHPL Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
8 prepared
Unescaped Output
40
3 escaped
Nonce Checks
0
Capability Checks
0
File Operations
6
External Requests
0
Bundled Libraries
0

SQL Query Safety

73% prepared11 total queries

Output Escaping

7% escaped43 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
<form_delete> (templates\form_delete.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Board Document Manager from CHUHPL Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[showBoardDocumentManager] board_document_manager_from_CHUHPL.php:44
WordPress Hooks 5
actionwp_enqueue_scriptsboard_document_manager_from_CHUHPL.php:30
actionwp_enqueue_scriptsboard_document_manager_from_CHUHPL.php:31
actionadmin_menuboard_document_manager_from_CHUHPL.php:33
actionadmin_menuboard_document_manager_from_CHUHPL.php:34
actionadmin_menuboard_document_manager_from_CHUHPL.php:35
Maintenance & Trust

Board Document Manager from CHUHPL Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9
Last updatedApr 24, 2023
PHP min version
Downloads2K

Community Trust

Rating20/100
Number of ratings1
Active installs10
Developer Profile

Board Document Manager from CHUHPL Developer Profile

74
trust score
Avg Security Score
71/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Board Document Manager from CHUHPL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/board-document-manager-from-chuhpl/bdmStyle.css

HTML / DOM Fingerprints

Data Attributes
data-code
JS Globals
window.bdmchuhpl_formCodewindow.bdmchuhpl_formSource
Shortcode Output
[showBoardDocumentManager]
FAQ

Frequently Asked Questions about Board Document Manager from CHUHPL