Foyer – Digital Signage for WordPress Security & Risk Analysis

wordpress.org/plugins/foyer

A free Digital Signage plugin for WordPress. Create and show off slideshows on your networked displays.

1K active installs · v1.7.6 · PHP + WP 4.1+ · Updated Mar 19, 2026
Tags: digital-signage, narrowcasting, signage, slideshow, theater
Score: 79 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Nov 7, 2023
Safety Verdict

Is Foyer – Digital Signage for WordPress Safe to Use in 2026?

Mostly Safe

Score 79/100

Foyer – Digital Signage for WordPress is generally safe to use. 1 past CVE was resolved.

1 known CVE · 1 unpatched · Last CVE: Nov 7, 2023 · Updated 1mo ago
Risk Assessment

The "foyer" plugin, version 1.7.6, exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices in several areas, such as 100% use of prepared statements for SQL queries and a high percentage of properly escaped output, significant concerns arise from its attack surface. All five identified AJAX handlers lack authentication checks, creating a substantial risk for unauthorized actions. Furthermore, the plugin has a history of known vulnerabilities, with one medium-severity Improper Authorization vulnerability remaining unpatched. This pattern suggests a recurring issue with access control within the plugin, which, when combined with the unprotected AJAX endpoints, could be exploited by attackers.

Despite the positive aspects of its code quality regarding SQL and output handling, the lack of authorization checks on critical entry points (AJAX handlers) is a major weakness. The single unpatched medium-severity vulnerability, coupled with the unprotected AJAX handlers, indicates that an attacker could potentially leverage these vulnerabilities to perform unauthorized actions or manipulate plugin behavior. While the taint analysis did not reveal critical or high-severity unsanitized flows, the existing vulnerabilities and the large unprotected attack surface demand immediate attention. The plugin's overall security posture is therefore considered vulnerable due to these critical omissions.

Key Concerns

  • 5 unprotected AJAX handlers
  • 1 unpatched medium severity CVE
  • 3 insufficient capability checks
  • 4 unsanitized paths in taint flows
Vulnerabilities
1 published

Foyer – Digital Signage for WordPress Security Vulnerabilities

CVEs by Year

1 CVE in 2023 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-47663 · medium · 4.3 · Improper Authorization

Foyer <= 1.7.5 - Content Injection via Improper Access Control

Nov 7, 2023 · Unpatched
Version History

Foyer – Digital Signage for WordPress Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Foyer – Digital Signage for WordPress Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 60 (243 escaped)
  • Nonce Checks: 6
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

80% escaped · 303 total outputs
Data Flows · Security
4 unsanitized

Data Flow Analysis

14 flows · 4 with unsanitized paths
add_slide_over_ajax (admin/class-foyer-admin-channel.php:47)
Attack Surface
5 unprotected

Foyer – Digital Signage for WordPress Attack Surface

Entry Points: 5
Unprotected: 5

AJAX Handlers: 5

  • auth · wp_ajax_foyer_slides_editor_add_slide · admin/class-foyer-admin.php:42
  • auth · wp_ajax_foyer_slides_editor_remove_slide · admin/class-foyer-admin.php:43
  • auth · wp_ajax_foyer_slides_editor_reorder_slides · admin/class-foyer-admin.php:44
  • auth · wp_ajax_foyer_preview_save_orientation_choice · admin/class-foyer-admin.php:60
  • nopriv · wp_ajax_foyer_preview_save_orientation_choice · admin/class-foyer-admin.php:61

WordPress Hooks: 44

  • action · admin_enqueue_scripts · admin/class-foyer-admin.php:26
  • action · admin_enqueue_scripts · admin/class-foyer-admin.php:27
  • action · admin_menu · admin/class-foyer-admin.php:28
  • action · admin_enqueue_scripts · admin/class-foyer-admin.php:31
  • action · add_meta_boxes · admin/class-foyer-admin.php:32
  • action · add_meta_boxes · admin/class-foyer-admin.php:33
  • action · save_post · admin/class-foyer-admin.php:34
  • action · admin_enqueue_scripts · admin/class-foyer-admin.php:38
  • action · add_meta_boxes · admin/class-foyer-admin.php:39
  • action · add_meta_boxes · admin/class-foyer-admin.php:40
  • action · save_post · admin/class-foyer-admin.php:41
  • filter · get_sample_permalink_html · admin/class-foyer-admin.php:45
  • action · admin_enqueue_scripts · admin/class-foyer-admin.php:50
  • action · add_meta_boxes · admin/class-foyer-admin.php:51
  • action · save_post · admin/class-foyer-admin.php:52
  • filter · get_sample_permalink_html · admin/class-foyer-admin.php:53
  • action · wp_enqueue_scripts · admin/class-foyer-admin.php:58
  • filter · show_admin_bar · admin/class-foyer-admin.php:59
  • filter · wp_image_editors · admin/class-foyer-admin.php:64
  • action · delete_attachment · admin/class-foyer-admin.php:65
  • action · admin_notices · admin/class-foyer-admin.php:66
  • action · init · includes/class-foyer-updater.php:34
  • action · plugins_loaded · includes/class-foyer.php:43
  • action · plugins_loaded · includes/class-foyer.php:46
  • action · plugins_loaded · includes/class-foyer.php:49
  • action · init · includes/class-foyer.php:52
  • filter · foyer/slides/backgrounds · includes/class-foyer.php:55
  • filter · foyer/slides/backgrounds · includes/class-foyer.php:56
  • filter · foyer/slides/backgrounds · includes/class-foyer.php:57
  • filter · foyer/slides/backgrounds · includes/class-foyer.php:58
  • filter · foyer/slides/formats · includes/class-foyer.php:61
  • filter · foyer/slides/formats · includes/class-foyer.php:62
  • filter · foyer/slides/formats · includes/class-foyer.php:63
  • filter · foyer/slides/formats · includes/class-foyer.php:64
  • filter · foyer/slides/formats · includes/class-foyer.php:65
  • filter · foyer/slides/formats · includes/class-foyer.php:66
  • filter · foyer/slides/formats · includes/class-foyer.php:67
  • filter · foyer/slides/formats · includes/class-foyer.php:68
  • action · wp_enqueue_scripts · public/class-foyer-public.php:27
  • action · wp_enqueue_scripts · public/class-foyer-public.php:28
  • action · init · public/class-foyer-public.php:29
  • action · wp_head · public/class-foyer-public.php:30
  • action · template_include · public/class-foyer-public.php:33
  • filter · foyer/templates/plugin_template_paths · public/class-foyer-templates.php:130
Maintenance & Trust

Foyer – Digital Signage for WordPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 19, 2026
PHP min version
Downloads: 32K

Community Trust

Rating: 98/100
Number of ratings: 27
Active installs: 1K
Developer Profile

Foyer – Digital Signage for WordPress Developer Profile

Menno Luitjes

1 plugin · 1K total installs

Trust score: 79
Avg Security Score: 79/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Foyer – Digital Signage for WordPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/foyer/admin/js/foyer-admin-min.js
  • /wp-content/plugins/foyer/public/css/foyer-public.css
  • /wp-content/plugins/foyer/public/js/foyer-public.js
  • /wp-content/plugins/foyer/admin/css/foyer-admin.css
Script Paths
  • admin/js/foyer-admin-min.js
  • public/js/foyer-public.js
Version Parameters
  • foyer-admin-min.js?ver=
  • foyer-public.css?ver=
  • foyer-public.js?ver=
  • foyer-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • foyer-display-output
  • foyer-channel-output
HTML Comments
  • <!-- foyer -->
  • <!-- End foyer -->
  • <!-- BEGIN foyer -->
Data Attributes
  • data-foyer-display-id
  • data-foyer-channel-id
JS Globals
  • foyer_preview
Shortcode Output
  • [foyer_display
  • [foyer_channel
FAQ

Frequently Asked Questions about Foyer – Digital Signage for WordPress