CPD-Journals Security & Risk Analysis

wordpress.org/plugins/cpd-journals

Turns a WordPress Multisite installation into a CPD (Continuous Professional Development) journal platform.

10 active installs · v0.3 · PHP + WP 3.4+ · Updated: Unknown
continual-professional-development, cpd, multisite, network
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CPD-Journals Safe to Use in 2026?

Generally Safe

Score 100/100

CPD-Journals has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "cpd-journals" v0.3 plugin exhibits a mixed security posture. It has no recorded vulnerabilities and shows some good practices: most SQL queries use prepared statements, and the code contains one nonce check and one capability check. The attack surface is the main concern. Two AJAX handlers are present, and both lack authentication checks, making them prime targets for unauthorized actions. The taint analysis amplifies these concerns, revealing two high-severity flows with unsanitized paths, which indicates potential for data injection or manipulation. The low percentage of properly escaped output (17%) suggests a risk of Cross-Site Scripting (XSS) vulnerabilities, especially when combined with the unsanitized input from the unprotected AJAX endpoints. The lack of historical vulnerabilities might reflect a small user base or recent development, but it does not negate the risks identified in the current code. In conclusion, the plugin has some strong security foundations but is significantly weakened by unprotected entry points and the potential for high-severity taint flows and XSS.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows
  • Low percentage of proper output escaping
Vulnerabilities
None known

CPD-Journals Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CPD-Journals Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (36 prepared)
Unescaped Output: 40 (8 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

88% prepared · 41 total queries

Output Escaping

17% escaped · 48 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
update_cpd_settings (cpd-journals.php:205)
Attack Surface
2 unprotected

CPD-Journals Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers 2

  • auth: wp_ajax_posts_in_week (cpd-journals.php:89)
  • auth: wp_ajax_posts_by_user (cpd-journals.php:90)
WordPress Hooks 24
  • action: set_user_role (cpd-journals.php:65)
  • filter: editable_roles (cpd-journals.php:66)
  • filter: user_has_cap (cpd-journals.php:67)
  • action: wp_network_dashboard_setup (cpd-journals.php:80)
  • action: wp_dashboard_setup (cpd-journals.php:81)
  • action: admin_notices (cpd-journals.php:82)
  • action: network_admin_menu (cpd-journals.php:84)
  • action: network_admin_edit_update_cpd_settings (cpd-journals.php:85)
  • action: admin_menu (cpd-journals.php:86)
  • action: edit_user_profile (cpd-journals.php:93)
  • action: show_user_profile (cpd-journals.php:94)
  • action: edit_user_profile_update (cpd-journals.php:95)
  • action: personal_options_update (cpd-journals.php:96)
  • action: wpmu_new_user (cpd-journals.php:97)
  • action: save_post (cpd-journals.php:99)
  • action: save_post (cpd-journals.php:100)
  • filter: wp_mail_content_type (cpd-journals.php:101)
  • action: manage_users_custom_column (cpd-journals.php:104)
  • filter: manage_users-network_sortable_columns (cpd-journals.php:105)
  • filter: views_users-network (cpd-journals.php:106)
  • filter: wpmu_users_columns (cpd-journals.php:107)
  • action: pre_user_query (cpd-journals.php:108)
  • action: cpd_unassigned_users_email (cpd-journals.php:109)
  • filter: wp_mail_content_type (cpd-journals.php:295)

Scheduled Events 1

cpd_unassigned_users_email
Maintenance & Trust

CPD-Journals Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Unknown
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

CPD-Journals Developer Profile

saulcoz

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CPD-Journals

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cpd-journals/cpd-journals.css
/wp-content/plugins/cpd-journals/cpd-journals.js

HTML / DOM Fingerprints

CSS Classes
cpd_profile
HTML Comments
<!-- CPD-journals plugin comments -->
Data Attributes
data-cpd-user-id, data-cpd-post-id
JS Globals
cpd_journal_ajax_object