
DocID Security & Risk Analysis
wordpress.org/plugins/docid
The DocID plugin provides functionalities required for a secure and legally compliant authentication of healthcare professionals on your website.
Is DocID Safe to Use in 2026?
Generally Safe
Score 100/100
DocID has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'docid' plugin v1.1.1 exhibits a generally good security posture, with several positive indicators. The absence of any known CVEs and a clean vulnerability history suggest a history of secure development. The code analysis reveals strong adherence to security best practices, with 100% of SQL queries using prepared statements and 96% of output properly escaped. Furthermore, critical security features like nonce checks and capability checks are present, and there are no dangerous functions or direct file operations that typically pose significant risks. The limited attack surface, with all entry points (shortcodes) potentially protected by the framework's default authorization mechanisms, is also a positive sign.
However, one area of concern identified in the taint analysis is a flow with an unsanitized path. While no critical or high severity issues were flagged in the taint analysis, and the overall number of flows is low, this indicates a potential, albeit likely minor, risk of path traversal or similar vulnerabilities if this unsanitized path is user-controlled and leads to sensitive operations. The presence of an external HTTP request, while not inherently a vulnerability, represents an external dependency that could be a vector for future issues if the external service is compromised or the plugin handles the response insecurely. The small number of total flows and the lack of critical/high severity issues temper this concern, but it warrants attention.
In conclusion, 'docid' v1.1.1 is a reasonably secure plugin. Its strengths lie in its robust handling of SQL and output, along with a clean vulnerability history. The primary area for improvement is the identified unsanitized path, which should be investigated and remediated to ensure complete security. The external HTTP request should also be monitored for any potential security implications in future updates. Overall, the plugin is well-developed from a security perspective, with only a minor point of concern.
Key Concerns
- Flow with unsanitized path
- External HTTP request
DocID Security Vulnerabilities
DocID Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
DocID Attack Surface
Shortcodes 3
WordPress Hooks 19
DocID Maintenance & Trust
Maintenance Signals
Community Trust
DocID Alternatives
DocCheck Login
doccheck-login
Open source DocCheck plugin for authenticating healthcare professionals via secure DocCheck login integration.
IDonate – Blood Donation, Request And Donor Management System
idonate
A complete WordPress system to handle blood donations, donor records, and urgent requests—ideal for hospitals, NGOs, and clinics.
Medical Before After Gallery
medical-before-after-gallery
A simple before-after image gallery plugin designed for medical professionals and healthcare practices.
Latest Canadian Healthcare Jobs sidebar widget
latest-canadian-healthcare-jobs-sidebar-widget
Displays a live map of Canada showing the latest jobs posted on the Hospital.ca medical job listing service
Doctor Eve – Wachttijden
doctor-eve-wachttijden
Display waiting times for medical treatments with a floating button and/or embeddable components via shortcode.
DocID Developer Profile
1 plugin · 0 total installs
How We Detect DocID
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- docid-logout
- docid-menu-links
- name="docid_restricted"
- id="docid_restricted"
- name="docid_restricted_nonce"
- id="submit-docid-links"
- class="docid-logout"