Dolphy Security & Risk Analysis

wordpress.org/plugins/dolphy

Dolphy adds a very nice login and registration experience to your WordPress blog.

0 active installs · v1.3.0 · PHP 7.0+ · WP 4.0+ · Updated Jan 23, 2022
Tags: login-form, registration-form, signin-form, signup-form, user-experience
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Dolphy Safe to Use in 2026?

Generally Safe

Score 85/100

Dolphy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago

Risk Assessment

The "dolphy" v1.3.0 plugin exhibits a generally strong security posture based on the static analysis provided. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points significantly reduces the potential attack surface. The majority of SQL queries utilize prepared statements, and a good percentage of output is properly escaped, indicating a conscientious approach to secure coding practices. The plugin also correctly uses a bundled library (PHPMailer), which is a standard and generally well-maintained component.

However, the presence of two "unserialize" calls is a notable concern. Unserialization of untrusted data is a well-known vector for Remote Code Execution (RCE) vulnerabilities. While the taint analysis found no unsanitized flows, the "unserialize" functions themselves represent a potential risk if user-controlled data is ever passed to them without stringent sanitization or validation beforehand. The complete lack of nonce checks and capability checks across all identified entry points is also a significant weakness, leaving any potential future additions to the attack surface vulnerable to CSRF and unauthorized access if not properly secured.

The plugin's vulnerability history is exceptionally clean, with no recorded CVEs. This suggests a history of responsible development and a lack of previously discovered critical security flaws. However, the absence of past vulnerabilities should not be interpreted as absolute security, especially given the identified "unserialize" functions and the missing authentication/authorization checks. The focus should remain on mitigating the identified code signals of concern.

Key Concerns

  • Uses unserialize function
  • 0 Nonce checks
  • 0 Capability checks
  • Output escaping not fully proper (21% not escaped)
  • Uses bundled library (PHPMailer)

Vulnerabilities: None known

Dolphy Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis (analyzed Mar 17, 2026)

Dolphy Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 2 (16 prepared)
  • Unescaped Output: 10 (37 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 1
  • Bundled Libraries: 1

Dangerous Functions Found

  • unserialize in classes\Helpers\Crypto.php:44: return unserialize($data);
  • unserialize in classes\Options\Options.php:76: $data = unserialize($result->value);

Bundled Libraries

PHPMailer

SQL Query Safety

89% prepared (18 total queries)

Output Escaping

79% escaped (47 total outputs)

Attack Surface

Dolphy Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 41

Type · Hook · Location
action · init · classes\Template\Controller.php:24
filter · do_parse_request · classes\Template\Controller.php:28
action · loop_end · classes\Template\Controller.php:30
filter · the_permalink · classes\Template\Controller.php:36
action · wp_enqueue_scripts · classes\WooCommerce\Gateways\Flutterwave.php:53
action · woocommerce_api_Dolphy-verify-flutterwave · classes\WooCommerce\Gateways\Flutterwave.php:57
action · wp_enqueue_scripts · classes\WooCommerce\Gateways\Paystack.php:55
action · woocommerce_api_cyberpull-verify-paystack · classes\WooCommerce\Gateways\Paystack.php:58
action · init · hooks\access\init.php:7
filter · dolphy_login_actions · hooks\access\security\2fa.php:8
filter · dolphy_login_verify_actions · hooks\access\security\2fa.php:19
action · dolphy_login_complete_actions · hooks\access\security\2fa.php:30
action · dolphy_access_header · hooks\access.php:5
action · dolphy_access_footer · hooks\access.php:9
action · dolphy_header_scripts · hooks\admin\header.php:5
action · dolphy_footer_scripts · hooks\admin\header.php:10
action · admin_head · hooks\admin\header.php:16
filter · plugin_action_links · hooks\admin\links.php:7
filter · plugin_row_meta · hooks\admin\links.php:17
action · admin_menu · hooks\admin\menu.php:7
action · show_user_profile · hooks\admin\profile.php:8
filter · dolphy_admin_tabs · hooks\ajax\admin\tabs.php:8
filter · template_include · hooks\errors.php:5
action · dolphy_error_header · hooks\errors.php:16
action · dolphy_error_footer · hooks\errors.php:20
action · dolphy_activate · hooks\install\database.php:15
action · dolphy_activate · hooks\install\database.php:39
action · dolphy_activate · hooks\install\database.php:71
action · dolphy_activate · hooks\install\database.php:100
action · dolphy_activate · hooks\install\database.php:129
action · wp_enqueue_scripts · hooks\scripts.php:5
action · admin_enqueue_scripts · hooks\scripts.php:18
action · dolphy_access_enqueue_scripts · hooks\scripts.php:41
action · dolphy_account_enqueue_scripts · hooks\scripts.php:52
action · dolphy_maintenance_enqueue_scripts · hooks\scripts.php:65
action · dolphy_error_enqueue_scripts · hooks\scripts.php:76
action · dolphy_enqueue_core_scripts · hooks\scripts.php:86
action · dolphy_template · hooks\template.php:9
filter · login_url · hooks\urls.php:5
filter · register_url · hooks\urls.php:15
filter · lostpassword_url · hooks\urls.php:19

Maintenance & Trust

Dolphy Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.8.13
  • Last updated: Jan 23, 2022
  • PHP min version: 7.0
  • Downloads: 1K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 0

Developer Profile

Dolphy Developer Profile

Christian Ezeani

2 plugins · 0 total installs

  • Trust score: 84
  • Avg Security Score: 85/100
  • Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Dolphy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/dolphy/assets/images/logo.png
  • /wp-content/plugins/dolphy/assets/images/icon.png
  • /wp-content/plugins/dolphy/assets/images/flutterwave-small.png
Script Paths
  • https://api.ravepay.co/flwv3-pug/getpaidx/api/flwpbf-inline.js
Version Parameters
  • dolphy.php?ver=
  • classes/WooCommerce/Gateways/Flutterwave.php?ver=

HTML / DOM Fingerprints

Data Attributes
  • data-paystack-key, data-amount, data-email, data-ref, data-callback, data-currency (+2 more)
JS Globals
  • CYB.Flutterwave.pay
REST Endpoints
  • /wp-json/dolphy/v1/settings

FAQ

Frequently Asked Questions about Dolphy