Dojo (beta) Security & Risk Analysis
wordpress.org/plugins/dojoManage and grow your Martial Arts school with easy to use tools for your students, teachers and you!
Is Dojo (beta) Safe to Use in 2026?
Generally Safe
Score 85/100Dojo (beta) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "dojo" plugin v0.23 demonstrates a generally good security posture with no known vulnerabilities in its history. The static analysis reveals a small attack surface, with no direct AJAX handlers, REST API routes, or shortcodes exposed without authentication. The code also shows a reasonable effort towards secure coding practices, with a high percentage of SQL queries using prepared statements and a majority of output being properly escaped. However, a significant concern arises from the presence of the `unserialize()` function, which is a known vector for remote code execution if data originating from an untrusted source is processed. While taint analysis did not reveal critical or high severity unsanitized flows, the potential for misuse of `unserialize()` remains a notable risk.
The lack of recorded CVEs and recent vulnerabilities is a positive indicator, suggesting the developers are either diligent in their security efforts or the plugin has not been a target of sophisticated attacks. The presence of a single cron event and a limited number of file operations and external HTTP requests do not inherently pose a high risk, especially given the general lack of exposed entry points. Despite the positive aspects, the `unserialize()` function represents a critical point of failure that needs careful consideration and mitigation. The plugin is otherwise well-defended regarding authentication and authorization checks.
Key Concerns
- Dangerous function unserialize() detected
- Minor output escaping issues
- File operations detected
- External HTTP requests detected
Dojo (beta) Security Vulnerabilities
Dojo (beta) Code Analysis
Dangerous Functions Found
SQL Query Safety
Output Escaping
Data Flow Analysis
Dojo (beta) Attack Surface
WordPress Hooks 5
Scheduled Events 1
Maintenance & Trust
Dojo (beta) Maintenance & Trust
Maintenance Signals
Community Trust
Dojo (beta) Alternatives
WP-Nafudakake Dojo Rank Board Generator
wp-nafudakake-dojo-rank-board-generator
Generates an attractive, traditional Japanese rank board (nafudakake) for your dojo or school website using shortcodes.
SportsPress – Sports Club & League Manager
sportspress
SportsPress is an extendable all-in-one sports data plugin that helps sports clubs set up and manage a league or club site quickly and easily.
Educare – Students & Result Management System
educare
No. 1 Academic Students & Result Management system for WordPress. Educare helps you effortlessly publish and manage student results online.
Sch.gr Commons
schgr-commons
Just copy/paste a URL of video from https://video.sch.gr, or a school location map from https://maps.sch.gr into your WordPress posts and see them emb …
The School Management – Education & Learning Management
school-management-system
The School Management System is a WordPress plugin to manage school and its entities such as classes, sections, students, ID cards, teachers, staff, f …
Dojo (beta) Developer Profile
1 plugin · 10 total installs
How We Detect Dojo (beta)
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/dojo/css/dojo-style.css/wp-content/plugins/dojo/css/dojo-admin-style.css/wp-content/plugins/dojo/js/dist/dojo.js/wp-content/plugins/dojo/js/dist/dojo.min.jsHTML / DOM Fingerprints
<!-- Dojo is free software: you can redistribute it and/or modifyit under the terms of the GNU General Public License as published bythe Free Software Foundation, either version 2 of the License, orany later version.+6 moredojo[dojo_page]