Digital Service Provider CRM Security & Risk Analysis

wordpress.org/plugins/digital-service-provider-crm

Optimize client management with Digital Service Provider CRM, an essential WordPress plugin for streamlined invoicing.

0 active installs · v1.0.1 · PHP 5.6+ · WP 6.2+ · Updated Aug 1, 2025
Tags: client-management, crm, digital-service-provider, invoicing
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Digital Service Provider CRM Safe to Use in 2026?

Generally Safe

Score 100/100

Digital Service Provider CRM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8mo ago
Risk Assessment

The digital-service-provider-crm plugin exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices with a high percentage of properly escaped output and the near-exclusive use of prepared statements for SQL queries. The plugin also shows a good effort in implementing nonce checks, with a significant number of these in place. Furthermore, the complete absence of known CVEs and a clean vulnerability history is a strong indicator of past security diligence.

However, significant concerns arise from the static analysis. The presence of 65 AJAX handlers, with 4 of them lacking any authentication checks, represents a substantial attack surface. This is further exacerbated by the taint analysis revealing 12 high-severity flows with unsanitized paths. While these might not yet translate to exploitable vulnerabilities due to other security layers, they represent critical areas where user-supplied data is not adequately validated, posing a risk of injection attacks or unexpected behavior if these flows are ever triggered without proper sanitization. The sole capability check identified also suggests a potential for privilege escalation if not implemented comprehensively across all sensitive functionalities.

In conclusion, while the plugin has a commendable history and generally good coding practices, the identified unprotected AJAX handlers and high-severity unsanitized taint flows are significant weaknesses that require immediate attention. These areas, despite the lack of historical CVEs, present a clear and present danger to the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Low number of capability checks
Vulnerabilities
None known

Digital Service Provider CRM Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Digital Service Provider CRM Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (79 prepared)
Unescaped Output: 65 (878 escaped)
Nonce Checks: 61
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

99% prepared · 80 total queries

Output Escaping

93% escaped · 943 total outputs
Data Flows
12 unsanitized

Data Flow Analysis

19 flows · 12 with unsanitized paths
<company_settings> (company_settings.php:0)
[Data-flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
4 unprotected

Digital Service Provider CRM Attack Surface

Entry Points: 84
Unprotected: 4

AJAX Handlers 65

auth wp_ajax_dspp_delete_status_action dspp-crm.php:643
auth wp_ajax_dspp_edit_status_action dspp-crm.php:664
auth wp_ajax_dspp_get_email_temp_details_action dspp-crm.php:691
auth wp_ajax_dspp_delete_email_template_action dspp-crm.php:712
auth wp_ajax_dspp_reset_email_template_action dspp-crm.php:733
auth wp_ajax_dspp_update_email_temp_action dspp-crm.php:952
auth wp_ajax_dspp_delete_invoice_status_action dspp-crm.php:979
auth wp_ajax_dspp_edit_invoice_status_action dspp-crm.php:1002
auth wp_ajax_dspp_get_status_details_action dspp-crm.php:1048
auth wp_ajax_dspp_get_invoice_status_details_action dspp-crm.php:1069
auth wp_ajax_dspp_delete_form_type_action dspp-crm.php:1223
auth wp_ajax_dspp_get_form_type_details_action dspp-crm.php:1244
auth wp_ajax_dspp_edit_form_type_action dspp-crm.php:1265
auth wp_ajax_dspp_save_admin_email_settings dspp-crm.php:1328
nopriv wp_ajax_dspp_save_admin_email_settings dspp-crm.php:1329
auth wp_ajax_dspp_get_all_services dspp-crm.php:1359
nopriv wp_ajax_dspp_get_all_services dspp-crm.php:1360
auth wp_ajax_dspp_add_to_session includes\cpt-services.php:373
nopriv wp_ajax_dspp_add_to_session includes\cpt-services.php:374
auth wp_ajax_dspp_update_quantity_in_session includes\cpt-services.php:408
nopriv wp_ajax_dspp_update_quantity_in_session includes\cpt-services.php:409
auth wp_ajax_dspp_remove_from_session includes\cpt-services.php:453
nopriv wp_ajax_dspp_remove_from_session includes\cpt-services.php:454
auth wp_ajax_dspp_save_order_form includes\order-form-functions.php:59
nopriv wp_ajax_dspp_save_order_form includes\order-form-functions.php:60
auth wp_ajax_dspp_update_order_form includes\order-form-functions.php:96
nopriv wp_ajax_dspp_update_order_form includes\order-form-functions.php:97
auth wp_ajax_dspp_delete_order_form includes\order-form-functions.php:124
auth wp_ajax_dspp_change_status_order_form includes\order-form-functions.php:144
auth wp_ajax_dspp_get_all_payment_methods includes\order-form-functions.php:196
nopriv wp_ajax_dspp_get_all_payment_methods includes\order-form-functions.php:197
auth wp_ajax_dspp_save_billing_details_ajax includes\order-form-functions.php:238
nopriv wp_ajax_dspp_save_billing_details_ajax includes\order-form-functions.php:239
auth wp_ajax_dspp_update_order_status_admin includes\order-form-functions.php:242
nopriv wp_ajax_dspp_update_order_status_admin includes\order-form-functions.php:243
auth wp_ajax_dspp_update_invoice_status_admin includes\order-form-functions.php:273
nopriv wp_ajax_dspp_update_invoice_status_admin includes\order-form-functions.php:274
auth wp_ajax_dspp_handle_invoice_submission includes\order-form-functions.php:356
nopriv wp_ajax_dspp_handle_invoice_submission includes\order-form-functions.php:357
auth wp_ajax_dspp_add_payment_methode includes\payment-methods-functions.php:83
nopriv wp_ajax_dspp_add_payment_methode includes\payment-methods-functions.php:84
auth wp_ajax_dspp_check_coupon includes\payment-methods-functions.php:274
nopriv wp_ajax_dspp_check_coupon includes\payment-methods-functions.php:275
auth wp_ajax_dspp_view_cart_button includes\payment-methods-functions.php:311
nopriv wp_ajax_dspp_view_cart_button includes\payment-methods-functions.php:312
auth wp_ajax_dspp_bits_generate_invoice includes\payment-methods-functions.php:370
nopriv wp_ajax_dspp_bits_generate_invoice includes\payment-methods-functions.php:371
auth wp_ajax_dspp_bits_payment_processor includes\payment-methods-functions.php:480
nopriv wp_ajax_dspp_bits_payment_processor includes\payment-methods-functions.php:481
auth wp_ajax_create_payment_intent includes\payment-methods-functions.php:484
nopriv wp_ajax_create_payment_intent includes\payment-methods-functions.php:485
auth wp_ajax_dspp_complete_purchase_with_token_email includes\payment-methods-functions.php:578
nopriv wp_ajax_dspp_complete_purchase_with_token_email includes\payment-methods-functions.php:579
auth wp_ajax_dspp_complete_purchase_with_token includes\payment-methods-functions.php:626
nopriv wp_ajax_dspp_complete_purchase_with_token includes\payment-methods-functions.php:627
auth wp_ajax_dspp_payment_confirmed_with_token includes\payment-methods-functions.php:658
nopriv wp_ajax_dspp_payment_confirmed_with_token includes\payment-methods-functions.php:659
auth wp_ajax_dspp_register_user includes\user-functions.php:5
nopriv wp_ajax_dspp_register_user includes\user-functions.php:6
auth wp_ajax_dspp_ajax_user_login includes\user-functions.php:40
nopriv wp_ajax_dspp_ajax_user_login includes\user-functions.php:41
auth wp_ajax_dspp_custom_forgot_password includes\user-functions.php:63
nopriv wp_ajax_dspp_custom_forgot_password includes\user-functions.php:64
auth wp_ajax_dspp_update_user_profile includes\user-functions.php:88
nopriv wp_ajax_dspp_update_user_profile includes\user-functions.php:89

Shortcodes 19

[dspp-dashboard] includes\page-shortcode-functions.php:9
[dspp-services] includes\page-shortcode-functions.php:17
[dspp-display-order] includes\page-shortcode-functions.php:25
[dspp-preorder] includes\page-shortcode-functions.php:33
[dspp-thankyou] includes\page-shortcode-functions.php:41
[dspp-single-order] includes\page-shortcode-functions.php:49
[dspp-invoice] includes\page-shortcode-functions.php:57
[dspp-single-invoice] includes\page-shortcode-functions.php:65
[dspp-generate-invoice] includes\page-shortcode-functions.php:73
[dspp-profile] includes\page-shortcode-functions.php:81
[dspp-cart] includes\page-shortcode-functions.php:89
[dspp-checkout] includes\page-shortcode-functions.php:97
[dspp-payment] includes\page-shortcode-functions.php:105
[dspp-payment-processor] includes\page-shortcode-functions.php:113
[dspp-login] includes\page-shortcode-functions.php:121
[dspp-register] includes\page-shortcode-functions.php:129
[dspp-forgot-password] includes\page-shortcode-functions.php:137
[dspp-invoice-payment] includes\page-shortcode-functions.php:145
[dspp-confirm-payment] includes\page-shortcode-functions.php:153
WordPress Hooks 41

action init dspp-crm.php:93
action add_meta_boxes dspp-crm.php:100
action save_post_dspp_coupons dspp-crm.php:174
filter post_type_labels_dspp_coupons dspp-crm.php:191
filter manage_edit-dspp_coupons_columns dspp-crm.php:201
action manage_dspp_coupons_posts_custom_column dspp-crm.php:218
action edit_form_after_title dspp-crm.php:228
action admin_footer dspp-crm.php:238
action admin_enqueue_scripts dspp-crm.php:250
action admin_menu dspp-crm.php:265
action admin_enqueue_scripts dspp-crm.php:311
action admin_menu dspp-crm.php:325
action admin_menu dspp-crm.php:449
action admin_menu dspp-crm.php:491
action plugins_loaded includes\class-spp-crm.php:140
action admin_enqueue_scripts includes\class-spp-crm.php:152
action admin_enqueue_scripts includes\class-spp-crm.php:153
action wp_enqueue_scripts includes\class-spp-crm.php:167
action wp_enqueue_scripts includes\class-spp-crm.php:168
action init includes\cpt-services.php:61
action add_meta_boxes includes\cpt-services.php:88
action save_post_dspp_service includes\cpt-services.php:245
filter manage_dspp_service_posts_columns includes\cpt-services.php:313
action manage_dspp_service_posts_custom_column includes\cpt-services.php:330
action after_setup_theme includes\menu-functions.php:11
filter wp_mail_from includes\payment-methods-functions.php:692
filter wp_mail_from_name includes\payment-methods-functions.php:695
action dspp_send_abandoned_checkout_email_event includes\payment-methods-functions.php:713
filter wp_mail_from includes\payment-methods-functions.php:745
filter wp_mail_from_name includes\payment-methods-functions.php:748
filter wp_mail_from includes\payment-methods-functions.php:766
filter wp_mail_from_name includes\payment-methods-functions.php:769
filter wp_mail_from includes\payment-methods-functions.php:807
filter wp_mail_from_name includes\payment-methods-functions.php:810
filter wp_mail_from includes\payment-methods-functions.php:850
filter wp_mail_from_name includes\payment-methods-functions.php:853
action dspp_send_unpaid_invoice_email_event includes\payment-methods-functions.php:879
filter wp_mail_from includes\payment-methods-functions.php:911
filter wp_mail_from_name includes\payment-methods-functions.php:914
filter template_include includes\template-functions.php:25
filter show_admin_bar includes\user-functions.php:129

Scheduled Events 2

dspp_send_abandoned_checkout_email_event
dspp_send_unpaid_invoice_email_event
Maintenance & Trust

Digital Service Provider CRM Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Aug 1, 2025
PHP min version: 5.6
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Digital Service Provider CRM Developer Profile

Bestitsol

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Digital Service Provider CRM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/digital-service-provider-crm/assets/css/custom-admin-style.css
/wp-content/plugins/digital-service-provider-crm/assets/css/custom-style.css
/wp-content/plugins/digital-service-provider-crm/assets/js/custom-admin-script.js
/wp-content/plugins/digital-service-provider-crm/assets/js/custom-script.js
Script Paths
/wp-content/plugins/digital-service-provider-crm/assets/js/custom-admin-script.js
/wp-content/plugins/digital-service-provider-crm/assets/js/custom-script.js
Version Parameters
digital-service-provider-crm/assets/css/custom-admin-style.css?ver=
digital-service-provider-crm/assets/css/custom-style.css?ver=
digital-service-provider-crm/assets/js/custom-admin-script.js?ver=
digital-service-provider-crm/assets/js/custom-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
dspp-coupon-details
Data Attributes
coupon_discount_type, coupon_value, coupon_expiry_date, excluded_categories
JS Globals
DSPP_WEB_API_URL