Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Security & Risk Analysis

wordpress.org/plugins/domain-for-sale

Create professional domain for sale landing pages in WordPress. Accept offers and inquiries, and manage domain sales directly from your dashboard.

400 active installs · v3.2.1 · PHP 7.4+ · WP 5.0+ · Updated Mar 13, 2026
Tags: domain, domain-for-sale, domain-landing-page, domain-sale, sell-domains
Score: 99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jun 5, 2025
Safety Verdict

Is Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Safe to Use in 2026?

Generally Safe

Score 99/100

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jun 5, 2025 · Updated 21d ago
Risk Assessment

The 'domain-for-sale' v3.2.1 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by implementing a significant number of nonce and capability checks, and a high percentage of its output is properly escaped, minimizing the risk of cross-site scripting vulnerabilities. The absence of file operations and the limited number of external HTTP requests further contribute to its security. However, the presence of two unprotected AJAX handlers and the use of the `unserialize` function are significant concerns. The unprotected AJAX handlers represent direct entry points for potential attacks without proper authentication or authorization. The `unserialize` function, especially if used with user-supplied data, can lead to remote code execution vulnerabilities if not handled with extreme care. The vulnerability history indicates one past medium-severity CVE related to Cross-site Scripting, which, while currently patched, highlights a potential area of weakness in input sanitization. While the taint analysis shows no critical or high severity issues currently, the underlying code signals and the unprotected entry points warrant careful consideration.

Key Concerns

  • Unprotected AJAX handlers present direct attack vectors.
  • Use of unserialize function is a high-risk code signal.
  • One past medium-severity CVE indicates input sanitization weakness.
Vulnerabilities: 1

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-5239 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Domain For Sale <= 3.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via class_name Parameter

Jun 5, 2025 Patched in 3.0.11 (1d)
Code Analysis
Analyzed Mar 16, 2026

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 2 (2 prepared)
Unescaped Output: 191 (1187 escaped)
Nonce Checks: 16
Capability Checks: 9
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$plugins = unserialize($response['body']);` · src\Admin\HelpPage\Help.php:178
unserialize · `$unserialized = @unserialize($row['field']);` · src\Admin\Offers.php:221
unserialize · `$unserialized = @unserialize($row['meta']);` · src\Admin\Offers.php:227

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

86% escaped · 1378 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

9 flows · 2 with unsanitized paths
dfs_html_form_code (src\Frontend\Helpers\Helpers.php:107)

Attack Surface: 2 unprotected

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Attack Surface

Entry Points: 17
Unprotected: 2

AJAX Handlers 12

auth · wp_ajax_domain-for-sale-get-icons · src\Admin\Framework\functions\actions.php:52
auth · wp_ajax_domain-for-sale-export · src\Admin\Framework\functions\actions.php:89
auth · wp_ajax_domain-for-sale-import · src\Admin\Framework\functions\actions.php:125
auth · wp_ajax_domain-for-sale-reset · src\Admin\Framework\functions\actions.php:152
auth · wp_ajax_domain-for-sale-chosen · src\Admin\Framework\functions\actions.php:191
auth · wp_ajax_dfs_preview_meta_box · src\Admin\Preview\Preview.php:53
auth · wp_ajax_domain-for-sale-never-show-review-notice · src\Admin\ReviewNotice\ReviewNotice.php:29
auth · wp_ajax_themeatelier_dismiss_offer_banner · src\Admin\ReviewNotice\ThemeAtelier_Offer_Banner.php:38
auth · wp_ajax_dfs_form_submit · src\Frontend\Frontend.php:61
nopriv · wp_ajax_dfs_form_submit · src\Frontend\Frontend.php:62
auth · wp_ajax_domain_for_sale_export_shortcodes · src\Includes\DomainForSale.php:222
auth · wp_ajax_domain_for_sale_import_shortcodes · src\Includes\DomainForSale.php:223

REST API Routes 2

GET · /wp-json/domain-for-sale/v1/offers · src\Admin\Offers.php:151
GET · /wp-json/domain-for-sale/v1/offers/(?P<id>\d+) · src\Admin\Offers.php:162

Shortcodes 3

[domain_for_sale] src\Frontend\Frontend.php:182
[domain_listing] src\Frontend\Frontend.php:183
[dfs_contact_form] src\Includes\DomainForSale.php:176

WordPress Hooks 68

action · save_post · src\Admin\Admin.php:74
action · admin_menu · src\Admin\Admin.php:75
action · after_setup_theme · src\Admin\Admin.php:76
action · after_setup_theme · src\Admin\Admin.php:77
action · init · src\Admin\Admin.php:78
action · init · src\Admin\Admin.php:79
filter · plugin_row_meta · src\Admin\Admin.php:98
filter · admin_footer_text · src\Admin\Admin.php:102
action · plugins_loaded · src\Admin\DBUpdates.php:36
action · admin_action_domain_for_sale_duplicate_shortcode · src\Admin\Duplicator.php:32
filter · post_row_actions · src\Admin\Duplicator.php:33
action · elementor/preview/enqueue_scripts · src\Admin\ElementorAddons\Element_Shortcode_Addons.php:72
action · elementor/init · src\Admin\ElementorAddons\Element_Shortcode_Addons.php:92
action · elementor/widgets/register · src\Admin\ElementorAddons\Element_Shortcode_Addons.php:109
action · wp_enqueue_scripts · src\Admin\Framework\Classes\abstract.class.php:22
action · after_setup_theme · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:75
action · init · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:76
action · switch_theme · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:77
action · admin_enqueue_scripts · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:78
action · wp_enqueue_scripts · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:79
action · wp_head · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:80
filter · admin_body_class · src\Admin\Framework\Classes\DOMAIN_FOR_SALE.php:81
action · add_meta_boxes · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Metabox.php:55
action · save_post · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Metabox.php:56
action · edit_attachment · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Metabox.php:57
action · admin_menu · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Options.php:109
action · admin_bar_menu · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Options.php:110
action · network_admin_menu · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Options.php:114
filter · admin_footer_text · src\Admin\Framework\Classes\DOMAIN_FOR_SALE_Options.php:434
action · admin_footer · src\Admin\Framework\fields\icon\icon.php:41
action · customize_controls_print_footer_scripts · src\Admin\Framework\fields\icon\icon.php:42
action · admin_print_footer_scripts · src\Admin\Framework\fields\link\link.php:65
action · print_default_editor_scripts · src\Admin\Framework\fields\wp_editor\wp_editor.php:62
action · plugins_loaded · src\Admin\GutenbergBlock\Gutenberg_Block_Init.php:41
action · init · src\Admin\GutenbergBlock\Gutenberg_Block_Init.php:43
action · enqueue_block_editor_assets · src\Admin\GutenbergBlock\Gutenberg_Block_Init.php:44
filter · block_categories · src\Admin\GutenbergBlock\Gutenberg_Block_Init.php:53
filter · block_categories_all · src\Admin\GutenbergBlock\Gutenberg_Block_Init.php:55
action · dfs_recommended_page_menu · src\Admin\HelpPage\Help.php:69
action · admin_print_scripts · src\Admin\HelpPage\Help.php:75
action · admin_enqueue_scripts · src\Admin\HelpPage\Help.php:76
action · domain_for_sale_offers_page_menu · src\Admin\Offers.php:35
action · admin_head · src\Admin\Offers.php:36
action · admin_enqueue_scripts · src\Admin\Offers.php:37
action · rest_api_init · src\Admin\Offers.php:38
action · admin_print_scripts · src\Admin\Offers.php:121
action · admin_notices · src\Admin\ReviewNotice\ReviewNotice.php:28
action · admin_notices · src\Admin\ReviewNotice\ThemeAtelier_Offer_Banner.php:37
action · template_redirect · src\Frontend\Frontend.php:60
action · phpmailer_init · src\Frontend\Frontend.php:64
action · wp_footer · src\Frontend\Frontend.php:72
action · wp_enqueue_scripts · src\Frontend\Frontend.php:133
filter · document_title_separator · src\Frontend\Helpers\Helpers.php:193
action · wp_footer · src\Frontend\Helpers\ThemeSupport.php:25
action · plugin_loaded · src\Includes\DomainForSale.php:76
action · activated_plugin · src\Includes\DomainForSale.php:77
action · wp_loaded · src\Includes\DomainForSale.php:173
action · wp_enqueue_scripts · src\Includes\DomainForSale.php:174
action · wp_enqueue_scripts · src\Includes\DomainForSale.php:175
action · wp_loaded · src\Includes\DomainForSale.php:178
filter · template_include · src\Includes\DomainForSale.php:179
action · wp_loaded · src\Includes\DomainForSale.php:210
action · admin_enqueue_scripts · src\Includes\DomainForSale.php:211
action · admin_enqueue_scripts · src\Includes\DomainForSale.php:212
filter · manage_dfs_template_posts_columns · src\Includes\DomainForSale.php:213
action · manage_dfs_template_posts_custom_column · src\Includes\DomainForSale.php:214
filter · manage_domain_listing_posts_columns · src\Includes\DomainForSale.php:216
action · manage_domain_listing_posts_custom_column · src\Includes\DomainForSale.php:217

Maintenance & Trust

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 13, 2026
PHP min version: 7.4
Downloads: 17K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 400
Developer Profile

Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries Developer Profile

ThemeAtelier

7 plugins · 4K total installs

Trust score: 99
Avg Security Score: 99/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Domain For Sale – Sell Domains with Landing Pages, Offers & Inquiries

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/css/bootstrap.min.css
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/css/fontawesome.min.css
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/css/main.css
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/css/responsive.css
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/js/bootstrap.bundle.min.js
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/js/jquery.min.js
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/js/main.js
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/js/owl.carousel.min.js
  • +2 more
Script Paths
  • /wp-content/plugins/domain-for-sale/src/Frontend/assets/js/main.js
Version Parameters
  • domain-for-sale/src/Frontend/assets/css/bootstrap.min.css?ver=
  • domain-for-sale/src/Frontend/assets/css/fontawesome.min.css?ver=
  • domain-for-sale/src/Frontend/assets/css/main.css?ver=
  • domain-for-sale/src/Frontend/assets/css/responsive.css?ver=
  • domain-for-sale/src/Frontend/assets/js/bootstrap.bundle.min.js?ver=
  • domain-for-sale/src/Frontend/assets/js/jquery.min.js?ver=
  • domain-for-sale/src/Frontend/assets/js/main.js?ver=
  • domain-for-sale/src/Frontend/assets/js/owl.carousel.min.js?ver=
  • domain-for-sale/src/Frontend/assets/js/slick.min.js?ver=
  • domain-for-sale/src/Frontend/assets/js/waypoints.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • dfs-template-settings-wrapper
  • dfs-btn-success
  • dfs-btn-danger
  • dfs-btn-outline-success
  • dfs-select-all-domains
  • domain-for-sale-template-editor
  • domain-for-sale-editor-section
HTML Comments
  • <!-- ThemeAtelier -->
  • <!-- Designed by ThemeAtelier -->
Data Attributes
  • data-dfs-template-id
  • data-dfs-template-name
  • data-dfs-template-type
  • data-dfs-setting-name
  • data-dfs-apply-on
JS Globals
  • domain_for_sale_params
REST Endpoints
  • /wp-json/domain-for-sale/v1/settings
  • /wp-json/domain-for-sale/v1/templates
Shortcode Output
  • [domain_for_sale_listing
  • [domain_for_sale_search
  • [domain_for_sale_countdown
  • [domain_for_sale_features