WP-Safety

JRM Killboard Security & Risk Analysis

wordpress.org/plugins/jrm-killboard

Display corporation kills using Killmails: sync it manually or automatically. Customizable: display your killboard the way you like it

10 active installs v1.3.1 PHP 5.6+ WP 4.8.12+ Updated Mar 7, 2020
eveeve-onlineeveonlinegamekillboard
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is JRM Killboard Safe to Use in 2026?

Generally Safe

Score 85/100

JRM Killboard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The jrm-killboard plugin v1.3.1 presents a mixed security posture. On the positive side, it demonstrates good practices by using prepared statements for all SQL queries and has no recorded vulnerability history, which suggests a generally secure development approach and a lack of known exploitable flaws.

However, there are notable concerns identified in the static analysis. The plugin exposes a significant attack surface with 18 AJAX handlers, and a concerning 3 of these lack authentication checks. This means that without proper authorization, unauthenticated users could potentially interact with these handlers, leading to unexpected behavior or unintended data manipulation if not otherwise secured. The low percentage of properly escaped output (27%) is another significant weakness, increasing the risk of cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully before being displayed.

While the taint analysis found no critical or high severity issues and the vulnerability history is clean, the presence of unprotected AJAX endpoints and inadequate output escaping are tangible risks that require attention. The lack of capability checks on AJAX handlers further compounds this risk. The plugin's strengths lie in its SQL handling and historical security, but the identified weaknesses in authentication and output sanitization detract from its overall security.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Dangerous function: preg_replace(/e)
  • No capability checks on AJAX handlers
Vulnerabilities
None known

JRM Killboard Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

JRM Killboard Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
28 prepared
Unescaped Output
204
75 escaped
Nonce Checks
15
Capability Checks
0
File Operations
12
External Requests
9
Bundled Libraries
0

Dangerous Functions Found

preg_replace(/e)preg_replace("/^https\:\/\/eincludes\class.jrmkillboard.php:493

SQL Query Safety

100% prepared28 total queries

Output Escaping

27% escaped279 total outputs
Data Flows
All sanitized

Data Flow Analysis

3 flows
jrm_killboard_do_store_settings (jrmkb_killboard.php:275)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

JRM Killboard Attack Surface

Entry Points18
Unprotected3

AJAX Handlers 18

authwp_ajax_jrm_killboard_hide_killjrmkb_killboard.php:45
authwp_ajax_jrm_killboard_remove_killjrmkb_killboard.php:46
authwp_ajax_jrm_killboard_do_sync_pricejrmkb_killboard.php:47
authwp_ajax_jrm_killboard_do_sync_worthjrmkb_killboard.php:48
authwp_ajax_jrm_killboard_do_set_item_pricejrmkb_killboard.php:49
authwp_ajax_jrm_killboard_do_store_settingsjrmkb_killboard.php:50
authwp_ajax_jrm_killboard_do_store_graphics_settingsjrmkb_killboard.php:51
authwp_ajax_jrm_killboard_do_upload_killmailjrmkb_killboard.php:52
authwp_ajax_jrm_killboard_do_remove_sso_authjrmkb_killboard.php:53
authwp_ajax_jrm_killboard_do_get_logjrmkb_killboard.php:54
authwp_ajax_jrm_killboard_do_clear_logjrmkb_killboard.php:55
authwp_ajax_jrm_killboard_toggle_killsjrmkb_killboard.php:56
authwp_ajax_jrm_killboard_delete_bulkjrmkb_killboard.php:57
authwp_ajax_jrm_killboard_do_update_items_pricejrmkb_killboard.php:58
authwp_ajax_jrm_killboard_get_table_datajrmkb_killboard.php:77
noprivwp_ajax_jrm_killboard_get_table_datajrmkb_killboard.php:78
authwp_ajax_jrm_killboard_load_itemsjrmkb_killboard.php:79
noprivwp_ajax_jrm_killboard_load_itemsjrmkb_killboard.php:80
WordPress Hooks 9
filterpage_attributes_dropdown_pages_argsincludes\class.jrmkillboardfe.php:33
filtertheme_page_templatesincludes\class.jrmkillboardfe.php:41
filterwp_insert_post_dataincludes\class.jrmkillboardfe.php:48
filtertemplate_includeincludes\class.jrmkillboardfe.php:58
actionadmin_enqueue_scriptsjrmkb_killboard.php:36
actionplugins_loadedjrmkb_killboard.php:40
actionadmin_menujrmkb_killboard.php:44
actionjrm_killboard_cronjobjrmkb_killboard.php:81
actionjrm_killboard_cronjobjrmkb_killboard.php:362

Scheduled Events 3

jrm_killboard_cronjob
jrm_killboard_cronjob
jrm_killboard_cronjob
Maintenance & Trust

JRM Killboard Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedMar 7, 2020
PHP min version5.6
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

JRM Killboard Alternatives

Memory Game (Memorama)

Memory Game (Memorama)

memory-game

A
85

Captura las imagenes de tu juego de memoria y utiliza el shortcode para el juego [memorygame] y muestralo a tus visitantes Capture images from your me …

30 No CVEs
QuadMenu – Twenty Seventeen Mega Menu

QuadMenu – Twenty Seventeen Mega Menu

quadmenu-twentyseventeen-integration

A
100

Integrates QuadMenu with the Twenty Seventeen theme. Requires QuadMenu and Twenty Seventeen.

20 No CVEs
Eve Online Pheal API

Eve Online Pheal API

eve-online-pheal-api

A
85

Do Eve Online related API calls through PHP. Easy to use and fast.

10 No CVEs
WP Upcoming Releases

WP Upcoming Releases

wp-upcoming-releases

A
85

Show a list of upcoming releases: movies, games, events or any other thing your needs. Easy management with post type and categories.

10 No CVEs
The Events Calendar

The Events Calendar

the-events-calendar

B
82

The Events Calendar: #1 calendar plugin for WordPress. Create/manage events (virtual too!) on your site with the free plugin.

700K 25 CVEs
Developer Profile

JRM Killboard Developer Profile

Marco

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect JRM Killboard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/jrm-killboard/admin/css/jrm-killboard-admin.css/wp-content/plugins/jrm-killboard/admin/css/jrm-killboard-graphic.css/wp-content/plugins/jrm-killboard/admin/css/jrm-killboard-settings.css/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-admin.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-graphics.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-items.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-settings.js/wp-content/plugins/jrm-killboard/css/jrm-killboard-frontend.css
Script Paths
/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-admin.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-graphics.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-items.js/wp-content/plugins/jrm-killboard/admin/js/jrm-killboard-settings.js
Version Parameters
jrm-killboard/admin/css/jrm-killboard-admin.css?ver=jrm-killboard/admin/css/jrm-killboard-graphic.css?ver=jrm-killboard/admin/css/jrm-killboard-settings.css?ver=jrm-killboard/admin/js/jrm-killboard-admin.js?ver=jrm-killboard/admin/js/jrm-killboard-graphics.js?ver=jrm-killboard/admin/js/jrm-killboard-items.js?ver=jrm-killboard/admin/js/jrm-killboard-settings.js?ver=jrm-killboard/css/jrm-killboard-frontend.css?ver=

HTML / DOM Fingerprints

CSS Classes
jrm-killboard-admin-wrapjrm-killboard-graphic-wrapjrm-killboard-settings-wrapjrm-killboard-items-wrap
HTML Comments
Fly safe Capsuler!
Data Attributes
data-jrm-killboard-id
JS Globals
jrm_killboard_admin_object
REST Endpoints
/wp-json/jrm-killboard/v1/data
Shortcode Output
[jrm_killboard]
FAQ

Frequently Asked Questions about JRM Killboard