Does dpaBottomofPostPage have any unpatched vulnerabilities?

No. All known vulnerabilities in dpaBottomofPostPage have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is dpaBottomofPostPage compatible with WordPress 5.5.18?

According to WordPress.org data, dpaBottomofPostPage 1.24 [20200928] has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is dpaBottomofPostPage updated?

dpaBottomofPostPage was last updated on Sep 27, 2020. Frequent updates are generally a positive security signal.

What is dpaBottomofPostPage's security score?

dpaBottomofPostPage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

dpaBottomofPostPage Security & Risk Analysis

wordpress.org/plugins/dpabottomofpostpage

This plugin can add several messages or adverts to the bottom of every WordPress post and page and now messages can be shown in in Home, Category &amp …

30 active installs v1.24 [20200928] PHP + WP 3.9.1+ Updated Sep 27, 2020

adsbottom-of-pagebottom-of-postpage-footerpost-footer

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is dpaBottomofPostPage Safe to Use in 2026?

Generally Safe

Score 85/100

dpaBottomofPostPage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The 'dpabottomofpostpage' plugin exhibits a mixed security posture. While it boasts zero known CVEs and a clean vulnerability history, suggesting a generally stable codebase over time, the static analysis reveals significant concerns. The presence of 39 dangerous function calls, particularly `unserialize`, combined with taint analysis showing flows with unsanitized paths, is a major red flag. Specifically, a high-severity taint flow indicates a potential for malicious data manipulation. The fact that 95% of output is not properly escaped presents a high risk of Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks and capability checks on entry points, which are zero in this case, offers no protection against unauthorized actions if any were to be discovered. While the plugin's minimal attack surface and exclusive use of prepared statements for SQL are positive attributes, the identified issues with data sanitization, output escaping, and the inherent risks of deserialization present a substantial security risk that requires immediate attention.

Key Concerns

Unsanitized path in taint flow (high severity)
Dangerous function 'unserialize' present
Insufficient output escaping (95% unescaped)
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

dpaBottomofPostPage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

dpaBottomofPostPage Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$spmybpz_pplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:161

unserialize$spmybpz_ppplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:200

unserialize$spmybpz_data_str_buttons = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:278

unserialize$spmybpz_data_str = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:318

unserialize$spmybpz_pplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:334

unserialize$spmybpz_ppplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:344

unserialize$spmybpz_post_SEO = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:380

unserialize$spmybpz_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_msg_array_file, 8 ));dpabottomofpostpage-functionality.php:392

unserialize$spmybpz_tmpstr_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_html_array_file, dpabottomofpostpage-functionality.php:397

unserialize$spmybpz_page_SEO = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:467

unserialize$spmybpz_page_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_page_msg_array_file, 11 ));dpabottomofpostpage-functionality.php:478

unserialize$spmybpz_tmpstr_page_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_page_html_ardpabottomofpostpage-functionality.php:484

unserialize$spmybpz_data_str_buttons = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:651

unserialize$spmybpz_data_str = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:694

unserialize$spmybpz_pplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:711

unserialize$spmybpz_ppplist = unserialize( $spmybpz_tmpstr );dpabottomofpostpage-functionality.php:722

unserialize$spmybpz_post_SEO = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:761

unserialize$spmybpz_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_msg_array_file, 18 ));dpabottomofpostpage-functionality.php:772

unserialize$spmybpz_tmpstr_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_html_array_file, dpabottomofpostpage-functionality.php:778

unserialize$spmybpz_page_SEO = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:848

unserialize$spmybpz_page_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_page_msg_array_file, 21 ));dpabottomofpostpage-functionality.php:859

unserialize$spmybpz_tmpstr_page_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_page_html_ardpabottomofpostpage-functionality.php:865

unserialize$spmybpz_data_str = unserialize( $spmybpz_tmpstr);dpabottomofpostpage-functionality.php:1028

unserialize$spmybpz_data_str = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:185

unserialize$spmybpz_data_str_buttons = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:230

unserialize$spmybpz_post_SEO = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:256

unserialize$spmybpz_page_SEO = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:309

unserialize$spmybpz_pplist = unserialize( $spmybpz_tmpstr );spmybpz_zbopp_setup_form.php:363

unserialize$spmybpz_ppplist = unserialize( $spmybpz_tmpstr );spmybpz_zbopp_setup_form.php:413

unserialize$spmybpz_tmpstr = unserialize( spmybpz_zbopp_read_file( $spmybpz_setup_file, 36 ) );spmybpz_zbopp_setup_form.php:793

unserialize$spmybpz_tmpstr = unserialize( spmybpz_zbopp_read_file( $spmybpz_setup_file, 37 ) );spmybpz_zbopp_setup_form.php:882

unserialize$spmybpz_post_SEO = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:1019

unserialize$spmybpz_page_SEO = unserialize( $spmybpz_tmpstr);spmybpz_zbopp_setup_form.php:1032

unserialize$spmybpz_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_msg_array_file, 41 ));spmybpz_zbopp_setup_form.php:1079

unserialize$spmybpz_tmpstr_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_html_array_file, spmybpz_zbopp_setup_form.php:1083

unserialize$spmybpz_page_msg_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_page_msg_array_file, 44 ));spmybpz_zbopp_setup_form.php:1118

unserialize$spmybpz_tmpstr_page_html_array = unserialize( spmybpz_zbopp_read_file( $spmybpz_tmpstr_page_html_arspmybpz_zbopp_setup_form.php:1122

unserialize$spmybpz_pplist = unserialize( $spmybpz_tmpstr );spmybpz_zbopp_setup_form.php:1430

unserialize$spmybpz_ppplist = unserialize( $spmybpz_tmpstr );spmybpz_zbopp_setup_form.php:1473

Output Escaping

5% escaped86 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

dpabottomofpostpageEnd (dpabottomofpostpage-functionality.php:262)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

dpaBottomofPostPage Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 11

actionsave_postdpabottomofpostpage-functionality.php:1055

actionpost_updateddpabottomofpostpage-functionality.php:1056

actionedit_postdpabottomofpostpage-functionality.php:1057

actionpublish_postdpabottomofpostpage-functionality.php:1058

actionpre_post_updatedpabottomofpostpage-functionality.php:1059

actiontrash_postdpabottomofpostpage-functionality.php:1060

actionadmin_menudpabottomofpostpage-functionality.php:1061

filterthe_contentdpabottomofpostpage-functionality.php:1069

actionwp_footerdpabottomofpostpage-functionality.php:1070

filterthe_contentdpabottomofpostpage-functionality.php:1072

actionwp_footerdpabottomofpostpage-functionality.php:1073

Maintenance & Trust

dpaBottomofPostPage Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedSep 27, 2020

PHP min version

Downloads7K

Community Trust

Rating100/100

Number of ratings2

Active installs30

Alternatives

dpaBottomofPostPage Alternatives

Ninja Footers

ninja-footers-lite

Create customizable footers for your posts.

200 No CVEs

Posts Footer Manager

intelly-posts-footer-manager

Clean the mess after your content! Organize your post's footer, insert what you want, order elements, create groups for specific categories.

20 1 unpatched

Site Kit by Google – Analytics, Search Console, AdSense, Speed

google-site-kit

100

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.

5.0M 1 CVE

Google for WooCommerce

google-listings-and-ads

Native integration with Google that allows merchants to easily display their products across Google’s network.

900K 1 CVE

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

Developer Profile

dpaBottomofPostPage Developer Profile

peter achutha

2 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect dpaBottomofPostPage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/dpabottomofpostpage/spmybpz_zbopp_setup_form.js/wp-content/plugins/dpabottomofpostpage/spmybpz_zbopp_setup_form.css

Script Paths

/wp-content/plugins/dpabottomofpostpage/spmybpz_zbopp_setup_form.js

Version Parameters

dpabottomofpostpage/spmybpz_zbopp_setup_form.css?ver=dpabottomofpostpage/spmybpz_zbopp_setup_form.js?ver=

HTML / DOM Fingerprints

CSS Classes

spmybpz_zbopp_setup_form_wrap

HTML Comments

Data Attributes

data-tab-id

JS Globals

spmybpz_zbopp_var

FAQ