Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Security & Risk Analysis

wordpress.org/plugins/domain-mapping-system

Domain Mapping System is the most powerful way to manage alias domains and map them to any published resource - creating Microsites with ease!

2K active installs v2.2.5.4 PHP 7.4+ WP 5.1+ Updated Feb 17, 2026

aliasmultidomainmultiple-domainsmultisitesubdomain

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Safe to Use in 2026?

Generally Safe

Score 100/100

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The domain-mapping-system plugin v2.2.5.4 exhibits a generally sound security posture with no known CVEs and a reasonable number of capability and nonce checks. However, the static analysis reveals concerning aspects. While the attack surface appears minimal with no direct entry points, the code signals highlight areas of weakness. A significant portion of SQL queries are not using prepared statements, which can open the door to SQL injection vulnerabilities. Furthermore, less than half of the output data is properly escaped, increasing the risk of cross-site scripting (XSS) attacks. The taint analysis also indicates two high-severity flows with unsanitized paths, suggesting potential for malicious data to be processed without adequate validation.

The lack of any recorded vulnerabilities in its history is a positive sign, indicating that past development may have been secure. However, this should not overshadow the current findings. The presence of file operations without further context is a minor concern. The bundled libraries, Select2 and Freemius v1.0, should be reviewed for their own security status, though their inclusion is not flagged as an immediate risk. Overall, while the plugin has a clean vulnerability history, the current static analysis suggests that significant refactoring is needed to address potential SQL injection and XSS risks before it can be considered truly secure.

Key Concerns

High severity taint flows with unsanitized paths
SQL queries using prepared statements (only 65%)
Output escaping (only 49% properly escaped)
File operations detected
Bundled library (Freemius v1.0) potentially outdated

Vulnerabilities

None known

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Code Analysis

Dangerous Functions

Raw SQL Queries

17 prepared

Unescaped Output

19 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

65% prepared26 total queries

Output Escaping

49% escaped39 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

<pagination> (templates\pagination.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 51

actionadmin_menuincludes\admin\class-dms-admin.php:98

actionadmin_post_save_dms_screen_optionsincludes\admin\class-dms-admin.php:99

filterposts_whereincludes\admin\class-dms-admin.php:100

actionadmin_initincludes\admin\class-dms-admin.php:101

actionafter_uninstallincludes\admin\class-dms-admin.php:103

actioninitincludes\admin\handlers\class-dms-alias-domain-authentication-handler.php:54

actioninitincludes\admin\handlers\class-dms-subdomain-authentication-handler.php:54

actionrest_api_initincludes\api\class-dms-server.php:43

filterplugin_iconincludes\class-dms-fs.php:49

filtershow_deactivation_feedback_formincludes\class-dms-fs.php:50

filtershow_deactivation_subscription_cancellationincludes\class-dms-fs.php:51

actioninitincludes\class-dms.php:257

actioninitincludes\cron\class-dms-fs-check-cron.php:26

actionpre_get_postsincludes\frontend\handlers\class-dms-mapping-handler.php:87

actionredirect_canonicalincludes\frontend\handlers\class-dms-mapping-handler.php:88

filterwp_redirectincludes\frontend\handlers\class-dms-mapping-handler.php:89

actiontemplate_redirectincludes\frontend\handlers\class-dms-mapping-handler.php:179

filterplugins_urlincludes\frontend\handlers\class-dms-uri-handler.php:115

filterrest_urlincludes\frontend\handlers\class-dms-uri-handler.php:121

filterscript_loader_srcincludes\frontend\handlers\class-dms-uri-handler.php:127

filterstyle_loader_srcincludes\frontend\handlers\class-dms-uri-handler.php:133

filterupload_dirincludes\frontend\handlers\class-dms-uri-handler.php:139

filteradmin_urlincludes\frontend\handlers\class-dms-uri-handler.php:140

filterscript_module_loader_srcincludes\frontend\handlers\class-dms-uri-handler.php:146

filterwp_get_attachment_image_srcincludes\frontend\handlers\class-dms-uri-handler.php:152

filterget_header_image_tagincludes\frontend\handlers\class-dms-uri-handler.php:158

filterwp_calculate_image_srcsetincludes\frontend\handlers\class-dms-uri-handler.php:164

filterelementor/frontend/the_contentincludes\frontend\handlers\class-dms-uri-handler.php:170

filtertemplate_directory_uriincludes\frontend\handlers\class-dms-uri-handler.php:176

filterstylesheet_directory_uriincludes\frontend\handlers\class-dms-uri-handler.php:182

filterwp_resource_hintsincludes\frontend\handlers\class-dms-uri-handler.php:188

filterfeed_linkincludes\frontend\handlers\class-dms-uri-handler.php:194

filterget_shortlinkincludes\frontend\handlers\class-dms-uri-handler.php:200

actionwpincludes\frontend\handlers\class-dms-wp-queried-object-handler.php:77

filterbp_nouveau_get_loop_classesincludes\integrations\buddyboss\class-dms-buddy-boss-platform.php:54

filterhome_urlincludes\integrations\buddyboss\class-dms-buddy-boss-platform.php:55

filterdms_trp_prevent_redirectionincludes\integrations\buddyboss\class-dms-buddy-boss-platform.php:56

actionplugins_loadedincludes\integrations\class-dms-integrations.php:142

actionplugins_loadedincludes\integrations\class-dms-integrations.php:143

actiondms_rewrite_urisincludes\integrations\divi\class-dms-divi.php:25

actiondms_object_mapperincludes\integrations\divi\class-dms-divi.php:26

filteret_builder_custom_fontsincludes\integrations\divi\class-dms-divi.php:77

filteret_core_page_resource_tagincludes\integrations\divi\class-dms-divi.php:78

filteret_pb_module_shortcode_attributesincludes\integrations\divi\class-dms-divi.php:79

actionelementor_pro/forms/new_recordincludes\integrations\elementor\class-dms-elementor.php:51

filterelementor_pro/theme_builder/get_location_templates/conditionincludes\integrations\elementor\class-dms-elementor.php:52

filterelementor/frontend/before_renderincludes\integrations\elementor\class-dms-elementor.php:54

filterdms_mapping_valueincludes\integrations\woocommerce\class-dms-woocommerce.php:88

filterhome_urlincludes\integrations\woocommerce\class-dms-woocommerce.php:174

actionwp_loadedincludes\migrations\class-dms-migration.php:18

filterpre_get_site_by_pathsunrise.php:10

Maintenance & Trust

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 17, 2026

PHP min version7.4

Downloads104K

Community Trust

Rating90/100

Number of ratings56

Active installs2K

Alternatives

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Alternatives

Code Snippets

code-snippets

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs

User Switching

user-switching

100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs

Safe Redirect Manager

safe-redirect-manager

100

Safely manage your website's HTTP redirects.

40K 1 CVE

WP OPcache

flush-opcache

Manage OPcache inside your WordPress admin dashboard.

10K No CVEs

Prime Mover – Migrate WordPress Website & Backups

prime-mover

The simplest all-around WordPress migration tool/backup plugin. These support multisite backup/migration or clone WP site/multisite subsite.

10K 1 CVE

Developer Profile

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional) Developer Profile

Wombat Plugins

4 plugins · 61K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

238 days

View full developer profile

Detection Fingerprints

How We Detect Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/domain-mapping-system/css//wp-content/plugins/domain-mapping-system/js/

Script Paths

/wp-content/plugins/domain-mapping-system/js/admin.js/wp-content/plugins/domain-mapping-system/js/dms.js/wp-content/plugins/domain-mapping-system/js/front.js/wp-content/plugins/domain-mapping-system/js/vue.js

Version Parameters

domain-mapping-system/css/admin.css?ver=domain-mapping-system/css/dms.css?ver=domain-mapping-system/css/front.css?ver=domain-mapping-system/js/admin.js?ver=domain-mapping-system/js/dms.js?ver=domain-mapping-system/js/front.js?ver=domain-mapping-system/js/vue.js?ver=

HTML / DOM Fingerprints

CSS Classes

dms-settings-pagedms-mapping-tabledms-mapping-rowdms-mapping-editdms-mapping-deletedms-mapping-add-new

HTML Comments

Data Attributes

data-dms-mapping-iddata-dms-mapping-hostdata-dms-mapping-path

JS Globals

dms_admin_varsdms_front_vars

REST Endpoints

/wp-json/dms/v1/mappings/wp-json/dms/v1/mappings/(?P<id>\d+)

Shortcode Output

[dms_mapping_list][dms_mapping_details]

FAQ