Digital Board Security & Risk Analysis

wordpress.org/plugins/digital-board

Digital board for lobbies for displaying messages and ads to tenants and guests.

10 active installs v1.0.0 PHP + WP 5.0+ Updated May 1, 2020
adsboarddigitalmessagessignage
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Digital Board Safe to Use in 2026?

Generally Safe

Score 85/100

Digital Board has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The digital-board plugin version 1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by having no recorded vulnerabilities, no dangerous functions, and all SQL queries utilize prepared statements. The absence of file operations and critical or high-severity taint flows is also encouraging. However, several areas raise concern. The plugin has a notable attack surface with 9 entry points, and a significant portion of these (1 out of 9) are unprotected by authentication checks, specifically an AJAX handler. Furthermore, the output escaping is a major weakness, with only 22% of outputs being properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of capability checks for entry points is another significant oversight. While the vulnerability history is clean, this cannot be relied upon as a sole indicator of security, especially given the identified code weaknesses.

Key Concerns

  • AJAX handler without authentication check
  • Low percentage of properly escaped output
  • No capability checks on entry points
  • Only one nonce check for multiple entry points
Vulnerabilities
None known

Digital Board Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Digital Board Release Timeline

v1.0.0Current
Code Analysis
Analyzed Apr 16, 2026

Digital Board Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
53
15 escaped
Nonce Checks
1
Capability Checks
0
File Operations
0
External Requests
3
Bundled Libraries
0

Output Escaping

22% escaped68 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
ajax_heartbeat2_handler (class.heartbeat2.php:29)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Digital Board Attack Surface

Entry Points9
Unprotected1

AJAX Handlers 2

authwp_ajax_heartbeat2class.heartbeat2.php:24
noprivwp_ajax_heartbeat2class.heartbeat2.php:25

Shortcodes 7

[sunrise] shortcodes.php:110
[sunset] shortcodes.php:111
[hebday] shortcodes.php:112
[hebdate] shortcodes.php:113
[parashat] shortcodes.php:114
[candles] shortcodes.php:115
[havdalah] shortcodes.php:116
WordPress Hooks 29
actioninitclass.dboard.php:47
actionplugins_loadedclass.dboard.php:48
actionwidgets_initclass.dboard.php:49
filterheartbeat2_settingsclass.dboard.php:50
filterheartbeat2_receivedclass.dboard.php:51
actionadmin_initclass.dboard.php:52
actionadmin_menuclass.dboard.php:53
filteradmin_post_thumbnail_htmlclass.dboard.php:54
actionsave_postclass.dboard.php:55
filterwp_feed_cache_transient_lifetimeclass.dboard.php:549
actionwp_enqueue_scriptsclass.heartbeat2.php:26
actionadmin_enqueue_scriptsclass.settings.php:32
actionadmin_initmb-memorial-day.php:31
actionsoul_memorial_daily_eventmb-memorial-day.php:32
actionadd_meta_boxesmb-memorial-day.php:42
actionsave_postmb-memorial-day.php:43
actioninitmb-memorial-day.php:185
actionadmin_initmb-msgs.php:24
actionadd_meta_boxesmb-msgs.php:28
actionsave_postmb-msgs.php:29
actioninitmb-msgs.php:79
filterpage_attributes_dropdown_pages_argspagetemplater.php:43
filterwp_insert_post_datapagetemplater.php:61
filtertemplate_includepagetemplater.php:69
actionplugins_loadedpagetemplater.php:167
actionwp_enqueue_scriptstemplates/dboard-template-1.php:21
actionwp_enqueue_scriptstemplates/dboard-template-1.php:22
actionwp_enqueue_scriptstemplates/dboard-template-2.php:25
actionwp_enqueue_scriptstemplates/dboard-template-2.php:26

Scheduled Events 1

soul_memorial_daily_event
Maintenance & Trust

Digital Board Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19
Last updatedMay 1, 2020
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Digital Board Developer Profile

Roi Dayan

5 plugins · 200 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Digital Board

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/digital-board/css/dboard.css/wp-content/plugins/digital-board/js/dboard.js
Script Paths
/wp-content/plugins/digital-board/js/dboard.js
Version Parameters
digital-board/css/dboard.css?ver=digital-board/js/dboard.js?ver=

HTML / DOM Fingerprints

CSS Classes
dboard-messagedboard-newsdboard-clockdboard-weather
Data Attributes
data-dboard-use-image-provider
Shortcode Output
[dboard_msg][dboard_news][dboard_clock][dboard_weather]
FAQ

Frequently Asked Questions about Digital Board