Duzz Portal – Stripe Custom Customer Payments Security & Risk Analysis

wordpress.org/plugins/duzz-custom-portal

Instantly connect with your customers and keep the conversation going with Duzz Custom Portal.

10 active installs · v1.2.2 · PHP + · WP 5.7+ · Updated Sep 18, 2024
Tags: chat, customer-service, interaction, project-management, stripe
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Duzz Portal – Stripe Custom Customer Payments Safe to Use in 2026?

Generally Safe

Score 92/100

Duzz Portal – Stripe Custom Customer Payments has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The duzz-custom-portal plugin v1.2.2 exhibits a generally good security posture, with robust application of nonce and capability checks, and a high percentage of properly escaped output. The absence of any recorded historical vulnerabilities further strengthens this impression. However, a significant concern arises from the static analysis of SQL queries, where 100% of queries do not use prepared statements. This presents a notable risk of SQL injection, especially if any of the input parameters used in these queries originate from user-controlled sources. While the taint analysis did not reveal critical or high-severity unsanitized flows, the presence of two flows with unsanitized paths warrants careful review to ensure these do not lead to exploitable weaknesses, particularly in conjunction with the unprepared SQL queries.

Despite the strong adherence to WordPress security best practices in many areas, the unmitigated risk associated with raw SQL queries is the primary weakness. The plugin's history of zero vulnerabilities could indicate either a very well-written codebase historically or simply a lack of targeted discovery, making the identified code signals more critical. In conclusion, while the plugin demonstrates many positive security attributes, the lack of prepared statements for SQL queries introduces a significant potential for exploitation that needs immediate attention.

Key Concerns

  • SQL queries without prepared statements
  • Taint flows with unsanitized paths (2)
Vulnerabilities
None known

Duzz Portal – Stripe Custom Customer Payments Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Duzz Portal – Stripe Custom Customer Payments Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 8 (319 escaped)
  • Nonce Checks: 12
  • Capability Checks: 21
  • File Operations: 0
  • External Requests: 1
  • Bundled Libraries: 2

Bundled Libraries

Select2, Stripe PHP

SQL Query Safety

0% prepared, 1 total queries

Output Escaping

98% escaped, 327 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
process_guest_update (src\Shared\Actions\Duzz_Status_Feed.php:182)
Attack Surface

Duzz Portal – Stripe Custom Customer Payments Attack Surface

Entry Points: 2
Unprotected: 0

AJAX Handlers 1

auth wp_ajax_mark_message_as_trashed src\Base\Duzz_NotificationFetcher.php:18

Shortcodes 1

[duzz_status_feed] src\Shared\Actions\Duzz_Status_Feed.php:20

WordPress Hooks 94

action tgmpa_register duzz-custom-portal.php:41
filter tgmpa_plugin_list duzz-custom-portal.php:102
action update_option_duzz_acf_settings_acf_keys_list_field_data src\Base\Admin\Duzz_ACF_Sync.php:8
action admin_enqueue_scripts src\Base\Admin\Duzz_ACF_Sync.php:10
action admin_menu src\Base\Admin\Duzz_Admin.php:25
action init src\Base\Admin\Duzz_Admin.php:26
action admin_bar_menu src\Base\Admin\Duzz_Admin.php:27
action admin_notices src\Base\Admin\Duzz_Admin.php:28
filter query_vars src\Base\Admin\Duzz_Admin.php:30
action init src\Base\Admin\Duzz_Base.php:14
action init src\Base\Admin\Duzz_Base.php:15
action init src\Base\Admin\Duzz_Base.php:16
action init src\Base\Admin\Duzz_Base.php:17
action admin_init src\Base\Admin\Factory\Duzz_Admin_Settings_Sections.php:29
action admin_enqueue_scripts src\Base\Admin\Factory\Duzz_Select2_Enqueue.php:11
action updated_option src\Base\Admin\Factory\Duzz_User.php:9
action init src\Base\Duzz_Activation.php:15
filter nav_menu_css_class src\Base\Duzz_Activation.php:16
action load-nav-menus.php src\Base\Duzz_Activation.php:17
action init src\Base\Duzz_Caps.php:12
action in_admin_header src\Base\Duzz_NotificationFetcher.php:14
action duzz_display_notification src\Base\Duzz_NotificationFetcher.php:15
action admin_enqueue_scripts src\Base\Duzz_NotificationFetcher.php:16
action wp_enqueue_scripts src\Base\Duzz_NotificationFetcher.php:17
action init src\Base\Duzz_Plugin_Handler.php:51
action init src\Base\Duzz_Post_Types.php:10
filter wp_setup_nav_menu_item src\Base\Menu\Duzz_Menu.php:14
action wp_update_nav_menu_item src\Base\Menu\Duzz_Menu.php:17
filter wp_edit_nav_menu_walker src\Base\Menu\Duzz_Menu.php:18
filter wp_get_nav_menu_items src\Base\Menu\Duzz_Menu.php:19
filter wp_page_menu_args src\Base\Menu\Duzz_Menu_Args.php:9
action template_redirect src\Base\Stripe\Duzz_Stripe_Checkout.php:30
action wp_enqueue_scripts src\Base\Stripe\Duzz_Stripe_Enqueue.php:14
action wp src\Core\Duzz_Edit_Wordpress.php:8
action pre_get_comments src\Core\Duzz_Edit_Wordpress.php:9
action wp_head src\Core\Duzz_Edit_Wordpress.php:15
filter wp_mail_from src\Core\Duzz_Email.php:22
filter wp_mail_from_name src\Core\Duzz_Email.php:23
action wp_enqueue_scripts src\Core\Duzz_Enqueue.php:10
action admin_post_send_invoice src\Core\Duzz_Processes.php:21
action wpforms_process_complete src\Core\Duzz_Processes.php:22
action wpforms_process_complete src\Core\Duzz_Processes.php:23
action init src\Core\Duzz_Processes.php:24
action init src\Core\Duzz_Processes.php:25
action init src\Core\Duzz_Processes.php:26
action template_redirect src\Core\Duzz_Redirect.php:15
action wp src\Core\Duzz_Redirect.php:16
action wp src\Core\Duzz_Redirect.php:17
filter the_content src\Core\Duzz_Redirect.php:18
action the_content src\Core\Duzz_Redirect.php:19
filter login_redirect src\Core\Duzz_Redirect.php:20
action init src\Shared\Actions\Duzz_Emails.php:12
action acf/save_post src\Shared\Actions\Duzz_Field_Sync.php:13
action save_post src\Shared\Actions\Duzz_Field_Sync.php:14
action duzz_fields_updated src\Shared\Actions\Duzz_Field_Sync.php:15
filter acf/prepare_field src\Shared\Actions\Duzz_Field_Sync.php:16
action acf/save_post src\Shared\Actions\Duzz_Status_Feed.php:21
filter acf/update_value src\Shared\Actions\Duzz_Status_Feed.php:22
action init src\Shared\Actions\Duzz_Status_Feed.php:23
filter body_class src\Shared\Entity\Duzz_Role.php:48
action admin_head src\Shared\Layout\CSS\Duzz_Class_Factory.php:8
action wp_head src\Shared\Layout\CSS\Duzz_Class_Factory.php:9
filter the_content src\Shared\Layout\Duzz_Layout.php:16
action init src\Shared\Layout\Duzz_Layout.php:17
filter query_vars src\Shared\Layout\Duzz_Layout.php:18
action widgets_init src\Shared\Layout\Factory\Duzz_Side_Bar.php:8
action dynamic_sidebar_before src\Shared\Layout\Factory\Duzz_Side_Bar.php:9
action table_factory_add_row_click_handler src\Shared\Layout\Factory\Duzz_Table_Factory.php:67
filter acf/prepare_field src\Shared\Layout\HTML\Duzz_ACF_Field.php:61
action admin_footer src\Shared\Layout\Script\Duzz_Select2_Script.php:12
action init tgm\class-tgm-plugin-activation.php:268
filter load_textdomain_mofile tgm\class-tgm-plugin-activation.php:269
action init tgm\class-tgm-plugin-activation.php:272
action admin_menu tgm\class-tgm-plugin-activation.php:419
action admin_head tgm\class-tgm-plugin-activation.php:420
filter install_plugin_complete_actions tgm\class-tgm-plugin-activation.php:423
filter update_plugin_complete_actions tgm\class-tgm-plugin-activation.php:424
action admin_notices tgm\class-tgm-plugin-activation.php:427
action admin_init tgm\class-tgm-plugin-activation.php:428
action admin_enqueue_scripts tgm\class-tgm-plugin-activation.php:429
action load-plugins.php tgm\class-tgm-plugin-activation.php:434
action switch_theme tgm\class-tgm-plugin-activation.php:437
action switch_theme tgm\class-tgm-plugin-activation.php:440
action admin_init tgm\class-tgm-plugin-activation.php:445
action switch_theme tgm\class-tgm-plugin-activation.php:450
action load_textdomain_mofile tgm\class-tgm-plugin-activation.php:473
filter upgrader_source_selection tgm\class-tgm-plugin-activation.php:887
action plugins_loaded tgm\class-tgm-plugin-activation.php:2103
filter tgmpa_table_data_items tgm\class-tgm-plugin-activation.php:2227
filter upgrader_source_selection tgm\class-tgm-plugin-activation.php:2964
action admin_init tgm\class-tgm-plugin-activation.php:3134
action upgrader_process_complete tgm\class-tgm-plugin-activation.php:3229
filter upgrader_post_install tgm\class-tgm-plugin-activation.php:3288
filter upgrader_post_install tgm\class-tgm-plugin-activation.php:3433

Maintenance & Trust

Duzz Portal – Stripe Custom Customer Payments Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.4.8
Last updated: Sep 18, 2024
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

Duzz Portal – Stripe Custom Customer Payments Developer Profile

Streater Kelley

1 plugin · 10 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days

Detection Fingerprints

How We Detect Duzz Portal – Stripe Custom Customer Payments

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/duzz-custom-portal/assets/css/duzz-custom-portal.css
  • /wp-content/plugins/duzz-custom-portal/assets/js/duzz-custom-portal.js
  • /wp-content/plugins/duzz-custom-portal/assets/css/duzz-admin.css
Script Paths
  • /wp-content/plugins/duzz-custom-portal/vendor/autoload.php
Version Parameters
  • duzz-custom-portal/assets/css/duzz-custom-portal.css?ver=
  • duzz-custom-portal/assets/js/duzz-custom-portal.js?ver=
  • duzz-custom-portal/assets/css/duzz-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • duzz-acf-field-group
  • duzz-field-settings
HTML Comments
  • <!-- The Duzz Custom Portal plugin recommends the following plugin: %1$s. -->
  • <!-- The Duzz Custom Portal plugin recommends the following plugins: %1$s. -->
Data Attributes
  • data-nonce
  • data-ajaxurl
JS Globals
  • duzzACFData

FAQ

Frequently Asked Questions about Duzz Portal – Stripe Custom Customer Payments