DS Site Message Security & Risk Analysis

wordpress.org/plugins/ds-site-message

DS Site Message (DSSM) adds to WordPress a beautiful Maintenance, Coming Soon or Offline-Message page.

10 active installs · v1.14.5 · PHP 7.2+ · WP 4.9.4+ · Updated Feb 25, 2025
Tags: coming-soon, maintenance, maintenance-mode, under-construction, website-message
Score: 91
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: May 7, 2024
Safety Verdict

Is DS Site Message Safe to Use in 2026?

Generally Safe

Score 91/100

DS Site Message has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 7, 2024 · Updated 1yr ago
Risk Assessment

The ds-site-message plugin v1.14.5 exhibits a generally good security posture, with no critical or high severity vulnerabilities identified in the static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events with unprotected entry points is a significant strength. Furthermore, the plugin demonstrates sound practices by using prepared statements for all SQL queries and having no file operations or external HTTP requests, which are common sources of vulnerabilities. The presence of a capability check, though there is only one, is also a positive indicator of security awareness.

However, there are areas for improvement. The low percentage of properly escaped output (8%) is a concern, as it indicates a potential for Cross-Site Scripting (XSS) vulnerabilities if untrusted data is rendered without adequate sanitization. The lack of nonce checks, especially given the plugin's history of CSRF vulnerabilities, represents a significant oversight and a potential attack vector. While there are no currently unpatched CVEs, the existence of one past CVE, specifically a CSRF vulnerability, highlights a historical weakness that could resurface or be exploited if not diligently addressed.

In conclusion, while ds-site-message v1.14.5 has strong foundations in preventing common web application attacks like SQL injection and unauthorized access through its limited attack surface and proper SQL practices, the insufficient output escaping and the absence of nonce checks on potentially sensitive operations are notable weaknesses. The historical CSRF vulnerability further emphasizes the need for robust input validation and CSRF protection mechanisms.

Key Concerns

  • Low percentage of output escaping
  • No nonce checks for potential sensitive operations
  • Past CSRF vulnerability history
Vulnerabilities
1

DS Site Message Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-34439 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

DS Site Message <= 1.14.4 - Cross-Site Request Forgery

May 7, 2024 · Patched in 1.14.5 (295d)
Code Analysis
Analyzed Mar 17, 2026

DS Site Message Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 34 (3 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

8% escaped · 37 total outputs
Attack Surface

DS Site Message Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8
action · admin_menu · admin\inc\class-admin.php:46
action · admin_enqueue_scripts · admin\inc\class-admin.php:49
action · admin_notices · admin\inc\class-admin.php:80
action · update_option_dssm_settings · admin\inc\class-admin.php:83
filter · template_include · ds-site-message.php:88
action · wp_footer · ds-site-message.php:90
action · plugins_loaded · ds-site-message.php:110
action · plugins_loaded · ds-site-message.php:122
Maintenance & Trust

DS Site Message Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 25, 2025
PHP min version: 7.2
Downloads: 12K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

DS Site Message Developer Profile

Estian Hough

2 plugins · 10 total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 295 days
Detection Fingerprints

How We Detect DS Site Message

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ds-site-message/admin/assets/css/style.css
/wp-content/plugins/ds-site-message/admin/assets/js/script.js
/wp-content/plugins/ds-site-message/admin/assets/vendors/ds-core/css/style.css
/wp-content/plugins/ds-site-message/admin/assets/vendors/ds-core/js/script.js
/wp-content/plugins/ds-site-message/admin/assets/vendors/wp-color-picker-alpha/wp-color-picker-alpha.min.js
/wp-content/plugins/ds-site-message/templates/admin-notice.php
/wp-content/plugins/ds-site-message/templates/message.php
Script Paths
/wp-content/plugins/ds-site-message/admin/assets/js/script.js
/wp-content/plugins/ds-site-message/admin/assets/vendors/wp-color-picker-alpha/wp-color-picker-alpha.min.js
/wp-content/plugins/ds-site-message/admin/assets/vendors/ds-core/js/script.js
Version Parameters
ds-site-message/admin/assets/css/style.css?ver=
ds-site-message/admin/assets/js/script.js?ver=
ds-site-message/admin/assets/vendors/ds-core/css/style.css?ver=
ds-site-message/admin/assets/vendors/ds-core/js/script.js?ver=
ds-site-message/admin/assets/vendors/wp-color-picker-alpha/wp-color-picker-alpha.min.js?ver=

HTML / DOM Fingerprints

JS Globals
DSSM_URL, DSSM_ADMIN, DSSM_ASSETS, DSSM_TITLE, DSSM_SLUG, DSSM_VERSION, +2 more
FAQ

Frequently Asked Questions about DS Site Message