Does Demo Mode have any unpatched vulnerabilities?

No. All known vulnerabilities in Demo Mode have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Demo Mode compatible with WordPress 2.2.2?

According to WordPress.org data, Demo Mode 1.2 has been tested up to WordPress 2.2.2. Check the plugin's changelog for the latest compatibility information.

How often is Demo Mode updated?

Demo Mode was last updated on Nov 18, 2007. Frequent updates are generally a positive security signal.

What is Demo Mode's security score?

Demo Mode has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Demo Mode Security & Risk Analysis

wordpress.org/plugins/demo-mode

This plugin adds an additional authentication layer to your WordPress installation to put the site into a demo- or maintainance-mode.

10 active installs v1.2 PHP + WP 2.1+ Updated Nov 18, 2007

accessadmindeveloping

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Demo Mode Safe to Use in 2026?

Generally Safe

Score 85/100

Demo Mode has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 18yr ago

Risk Assessment

The "demo-mode" plugin v1.2 exhibits a strong security posture based on the provided static analysis, with no identified dangerous functions, SQL queries using prepared statements, or unescaped output. The absence of file operations, external HTTP requests, and a limited attack surface with no apparent entry points further contribute to this positive assessment. The vulnerability history is also clean, with no known CVEs, suggesting a well-maintained and secure plugin.

However, the taint analysis reveals two flows with unsanitized paths, both categorized as high severity. While these don't directly translate to direct attack vectors due to the lack of exploitable entry points and other security checks, they represent potential weaknesses that could be leveraged if other vulnerabilities were present or introduced in future versions. The complete absence of nonce and capability checks on the (non-existent) entry points is also a notable point. While not a direct risk in this specific version due to the lack of exposed entry points, it indicates a potential lack of defensive programming practices that could become a concern if the plugin evolves to include more interactive features.

Key Concerns

High severity taint flow with unsanitized path
High severity taint flow with unsanitized path
No nonce checks on potential entry points
No capability checks on potential entry points

Vulnerabilities

None known

Demo Mode Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Demo Mode Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared1 total queries

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

dprx_auth (demo-mode.php:17)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Demo Mode Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actioninitdemo-mode.php:13

Maintenance & Trust

Demo Mode Maintenance & Trust

Maintenance Signals

WordPress version tested2.2.2

Last updatedNov 18, 2007

PHP min version

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Demo Mode Alternatives

Loginizer

loginizer

Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.

1.0M 8 CVEs

Remove Dashboard Access

remove-dashboard-access-for-non-admins

Disable Dashboard access for users of a specific role or capability. Disallowed users are redirected to a chosen URL. Get set up in seconds.

30K No CVEs

Simple Client Dashboard

webmaster-user-role

100

Restrict permissions with Simple Client Dashboard. Our new "Admin" user role between Administrator and Editor is perfect for clients and Webmasters.

2K No CVEs

WP Logout Redirect

wp-logout-redirect

100

A simple yet powerful plugin that redirects users to a custom URL after logout. Featuring a modern, accessible admin panel with dark mode support.

400 No CVEs

Loginstyle

loginstyle

Brand and customize your login page without any coding knowledge.

200 No CVEs

Developer Profile

Demo Mode Developer Profile

Roland Rust

9 plugins · 180 total installs

trust score

Avg Security Score

88/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Demo Mode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

name="dprx_username"name="dprx_password"

FAQ