Floorplans Security & Risk Analysis

wordpress.org/plugins/floorplans

Create a catalog of sortable, filterable, and searchable floorplans with image and video galleries.

10 active installs · v0.2 · PHP + WP 3.0.0+ · Updated Jan 19, 2011

Tags: builders, construction, custom-post-types, floorplans, model-homes

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Floorplans Safe to Use in 2026?

Generally Safe

Score 85/100

Floorplans has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 15 years ago
Risk Assessment

The "floorplans" v0.2 plugin exhibits significant security concerns primarily due to its unprotected entry points and a lack of robust security practices in its code. The presence of 3 AJAX handlers without authentication checks creates a substantial attack surface. Furthermore, the complete absence of capability checks for any functionality is a critical oversight, leaving all features exposed to unauthenticated users. While the plugin has no recorded vulnerability history, this should not be interpreted as a sign of strong security, but rather a potential lack of discovery or limited adoption. The code analysis also reveals the use of dangerous functions like `unserialize` and the extensive use of raw SQL queries without prepared statements, both of which are common vectors for serious vulnerabilities such as Remote Code Execution and SQL Injection. The low percentage of properly escaped output further exacerbates these risks, making cross-site scripting vulnerabilities highly probable. The taint analysis shows flows with unsanitized paths, which, although not currently flagged as critical or high severity, represent potential avenues for exploitation if combined with other weaknesses.

In conclusion, "floorplans" v0.2 presents a high-risk profile. The identified unprotected entry points, absence of capability checks, and use of dangerous coding practices far outweigh the positive aspect of having no known CVEs. Remediation should focus on implementing proper authentication and authorization for all entry points, sanitizing all user input, using prepared statements for all database queries, and ensuring all output is properly escaped. Until these fundamental security flaws are addressed, this plugin should be considered a significant security liability.

Key Concerns

  • AJAX handlers without auth checks
  • No capability checks
  • Dangerous functions used
  • Raw SQL without prepared statements
  • Low percentage of proper output escaping
  • Unsanitized paths in taint analysis
Vulnerabilities
None known

Floorplans Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Floorplans Release Timeline

v0.2 (Current)
v0.1
Code Analysis
Analyzed Mar 17, 2026

Floorplans Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 16 (0 prepared)
Unescaped Output: 222 (14 escaped)
Nonce Checks: 2
Capability Checks: 0
File Operations: 2
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function | Location | Code
create_function | core\class.core.php:109 | add_action('wp_ajax_fp_ajax_floorplan_query', create_function("",' $class = FP_Utils::get_floorplan(
create_function | core\class.core.php:206 | $settings_page = add_submenu_page('edit.php?post_type=floorplan', __('Settings', 'floorplans'), __(
create_function | core\class.core.php:207 | add_action('admin_print_scripts-' . $settings_page, create_function('', "wp_enqueue_script('jquery-u
unserialize | core\class.ud.php:120 | $data = unserialize($data);
unserialize | core\class.utils.php:536 | if(is_array($maybe_array = unserialize($args)))
unserialize | core\class.utils.php:631 | $result = unserialize(file_get_contents($cachefile));
create_function | floorplans.php:40 | add_action('widgets_init', create_function('', 'return register_widget("GalleryFloorplansWidget");')
create_function | floorplans.php:41 | add_action('widgets_init', create_function('', 'return register_widget("FloorplanFeaturesWidget");')
create_function | floorplans.php:42 | add_action('widgets_init', create_function('', 'return register_widget("FloorplanVideoWidget");'));
create_function | floorplans.php:43 | add_action('widgets_init', create_function('', 'return register_widget("FloorplanStatsWidget");'));
create_function | floorplans.php:44 | add_action('init', create_function('', 'new FP_Core();'));

SQL Query Safety

0% prepared (16 total queries)

Output Escaping

6% escaped (236 total outputs)
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows, 2 with unsanitized paths
ajax_floorplan_overview (core\class.core.php:307)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
3 unprotected

Floorplans Attack Surface

Entry Points: 4
Unprotected: 3

AJAX Handlers 3

Type | Hook | Location
auth | wp_ajax_fp_ajax_floorplan_query | core\class.core.php:109
auth | wp_ajax_fp_floorplan_overview_pagination | core\class.core.php:112
nopriv | wp_ajax_fp_floorplan_overview_pagination | core\class.core.php:113

Shortcodes 1

[floorplan_overview_page] core\class.core.php:59
WordPress Hooks 30

Type | Hook | Location
filter | admin_body_class | core\class.core.php:62
filter | body_class | core\class.core.php:65
action | the_post | core\class.core.php:118
action | the_content | core\class.core.php:123
action | template_redirect | core\class.core.php:127
action | admin_init | core\class.core.php:130
action | admin_print_styles | core\class.core.php:131
action | admin_print_scripts | core\class.core.php:132
action | admin_menu | core\class.core.php:133
action | save_post | core\class.core.php:134
filter | manage_edit-floorplan_columns | core\class.core.php:135
action | manage_pages_custom_column | core\class.core.php:136
filter | parse_query | core\class.core.php:137
action | admin_head-edit.php | core\class.core.php:208
action | plugins_loaded | floorplans.php:29
action | widgets_init | floorplans.php:40
action | widgets_init | floorplans.php:41
action | widgets_init | floorplans.php:42
action | widgets_init | floorplans.php:43
action | init | floorplans.php:44
action | after_setup_theme | template_files\class.api.php:4
filter | fp_stat_filter_price | template_files\class.api.php:5
filter | fp_stat_filter_area | template_files\class.api.php:6
filter | fp_stat_filter_floorplan_type | template_files\class.api.php:8
filter | fp_stat_filter_floorplan_collection | template_files\class.api.php:9
filter | fp_stat_filter_garage_location | template_files\class.api.php:10
filter | fp_stat_filter_first_floor_master_suite | template_files\class.api.php:11
filter | fp_stat_filter_third_floor | template_files\class.api.php:12
filter | fp_stat_filter_sideload_garage | template_files\class.api.php:13
filter | fp_stat_filter_range_plus | template_files\class.api.php:15
Maintenance & Trust

Floorplans Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.0.5
Last updated: Jan 19, 2011
PHP min version: (not listed)
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Floorplans Developer Profile

paramountRob

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Floorplans

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/floorplans/css/jquery-ui.css
/wp-content/plugins/floorplans/js/jquery.ui.slider.min.js
/wp-content/plugins/floorplans/js/jquery.ui.mouse.min.js
/wp-content/plugins/floorplans/js/jquery.cookie.js
/wp-content/plugins/floorplans/js/floorplans-admin-overview.js
/wp-content/plugins/floorplans/js/floorplans-overview.js
/wp-content/plugins/floorplans/js/floorplans-global.js
/wp-content/plugins/floorplans/third-party/fancybox/jquery.fancybox-1.3.1.css
+6 more
Script Paths
/wp-content/plugins/floorplans/js/floorplans-admin-overview.js
/wp-content/plugins/floorplans/js/floorplans-overview.js
/wp-content/plugins/floorplans/js/floorplans-global.js
/wp-content/plugins/floorplans/third-party/fancybox/jquery.fancybox-1.3.1.pack.js
/wp-content/plugins/floorplans/third-party/fancybox/jquery.easing-1.3.pack.js
/wp-content/plugins/floorplans/third-party/jquery.quicksand.js
+1 more
Version Parameters
floorplans-admin-overview.js?ver=
floorplans-overview.js?ver=
floorplans-global.js?ver=
jquery.fancybox-1.3.1.pack.js?ver=
jquery.easing-1.3.pack.js?ver=
jquery.ui.slider.min.js?ver=
jquery.ui.mouse.min.js?ver=
jquery.cookie.js?ver=
floorplans.css?ver=
floorplans-msie.css?ver=
floorplans.js?ver=

HTML / DOM Fingerprints

CSS Classes
fp_admin_body_class
fp_floorplan_body_class
Data Attributes
data-id
JS Globals
fp_url
FP_Core
GalleryFloorplansWidget
FloorplanFeaturesWidget
FloorplanVideoWidget
FloorplanStatsWidget
REST Endpoints
/wp-json/fp_ajax_floorplan_query
/wp-json/fp_floorplan_overview_pagination
Shortcode Output
[floorplan_overview_page]
FAQ

Frequently Asked Questions about Floorplans