WP-Safety

KD Submissions Security & Risk Analysis

wordpress.org/plugins/kd-submissions

An intuitive WordPress plugin for managing submissions created by Elementor Submissions, statuses, and comments with seamless admin tools. ---

90 active installs v2.0.1 PHP + WP + Updated Dec 17, 2025
admin-toolscommentsmanagementstatusessubmissions
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is KD Submissions Safe to Use in 2026?

Generally Safe

Score 100/100

KD Submissions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin 'kd-submissions' v2.0.1 exhibits a generally strong security posture based on the provided static analysis. A significant strength is the complete absence of unprotected entry points across all identified AJAX handlers. Furthermore, the plugin demonstrates good practices with a high percentage of SQL queries utilizing prepared statements and a robust rate of output escaping, minimizing common injection and XSS risks. The lack of any recorded vulnerabilities, including CVEs, further contributes to a positive security assessment. However, while the code analysis signals are largely positive, the presence of file operations and external HTTP requests, even if only one each, warrants a degree of caution. Without further context or specific analysis of these operations, there's a theoretical risk of misconfiguration or unintended behavior that could be exploited. The vulnerability history is a significant positive indicator of robust development practices over time. In conclusion, 'kd-submissions' v2.0.1 appears to be a secure plugin with a commendable development history. The minimal risks identified stem from the inherent nature of certain operations (file handling, external requests) rather than overt coding flaws.

Vulnerabilities
None known

KD Submissions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

KD Submissions Code Analysis

Dangerous Functions
0
Raw SQL Queries
37
108 prepared
Unescaped Output
20
132 escaped
Nonce Checks
18
Capability Checks
18
File Operations
1
External Requests
1
Bundled Libraries
0

SQL Query Safety

74% prepared145 total queries

Output Escaping

87% escaped152 total outputs
Data Flows
All sanitized

Data Flow Analysis

14 flows
handle (includes\Admin\Ajax\AddStatus.php:14)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

KD Submissions Attack Surface

Entry Points17
Unprotected0

AJAX Handlers 17

authwp_ajax_add_commentincludes\Admin\Ajax\AddComment.php:11
authwp_ajax_add_statusincludes\Admin\Ajax\AddStatus.php:11
authwp_ajax_add_submissionincludes\Admin\Ajax\AddSubmission.php:11
authwp_ajax_delete_commentincludes\Admin\Ajax\DeleteComment.php:11
authwp_ajax_delete_statusincludes\Admin\Ajax\DeleteStatus.php:11
authwp_ajax_delete_submissionsincludes\Admin\Ajax\DeleteSubmissions.php:11
authwp_ajax_delete_submission_statusincludes\Admin\Ajax\DeleteSubmissionStatus.php:11
authwp_ajax_filter_submissions_by_formincludes\Admin\Ajax\FilterSubmissionsByForm.php:14
authwp_ajax_get_form_fieldsincludes\Admin\Ajax\GetFormFields.php:11
authwp_ajax_get_statusesincludes\Admin\Ajax\GetStatuses.php:11
authwp_ajax_keyd_get_submission_detailsincludes\Admin\Ajax\GetSubmissionDetails.php:11
authwp_ajax_keyd_mark_all_unread_readincludes\Admin\Ajax\MarkAllUnreadRead.php:11
authwp_ajax_keyd_mark_submission_readincludes\Admin\Ajax\MarkSubmissionRead.php:11
authwp_ajax_update_submission_keyincludes\Admin\Ajax\UpdateSubmissionKey.php:11
authwp_ajax_keyd_update_submission_statusincludes\Admin\Ajax\UpdateSubmissionStatus.php:11
authwp_ajax_update_submission_statusesincludes\Admin\Ajax\UpdateSubmissionStatuses.php:11
authwp_ajax_get_dashboard_statsincludes\Admin\DashboardPage.php:11
WordPress Hooks 16
actionadmin_bar_menuincludes\Admin\AdminBar.php:11
actioninitincludes\Assets.php:11
actionkeyd_enqueue_submissions_assetsincludes\Assets.php:12
actionwp_enqueue_scriptsincludes\Assets.php:13
actionadmin_enqueue_scriptsincludes\Assets.php:14
actionadmin_menuincludes\Menu.php:11
actioninitincludes\Rewrite.php:21
filterquery_varsincludes\Rewrite.php:22
actionpre_get_postsincludes\Rewrite.php:23
actiontemplate_redirectincludes\Rewrite.php:24
actionrest_api_initincludes\Services\WhmcsLiveEndpoint.php:23
actioninitincludes\Services\WhmcsSync.php:18
actioninitkd-submissions.php:64
actionplugins_loadedkd-submissions.php:111
actionwp_enqueue_scriptsreferral\init.php:8
actionelementor_pro/forms/new_recordreferral\init.php:12
Maintenance & Trust

KD Submissions Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedDec 17, 2025
PHP min version
Downloads1K

Community Trust

Rating0/100
Number of ratings0
Active installs90
Alternatives

KD Submissions Alternatives

Show All Comments

Show All Comments

show-all-comments-in-one-page

C
62

This plugin displays all the comments received on your various posts in a single page with filter, enabling the readers to read all the comments in a …

500 1 unpatched
Bulk Delete Users by Keyword

Bulk Delete Users by Keyword

bulk-delete-users-by-keyword

A
100

Efficiently manage your WordPress users with keyword-based bulk deletion capabilities.

70 No CVEs
Multisite Usage Scanner

Multisite Usage Scanner

multisite-usage-scanner

A
100

Scan your WordPress multisite network to identify which plugins are actively used across sites. Helps admins safely clean up unused plugins.

60 No CVEs
Modules Insight

Modules Insight

modules-insight

A
100

Provides a quick overview of installed WordPress plugins with their status, exportable as JSON.

20 No CVEs
Betta Comments

Betta Comments

betta-comments

A
100

A powerful tool for bulk deleting, filtering, and managing WordPress comments and reviews with ease.

10 No CVEs
Developer Profile

KD Submissions Developer Profile

keydigital1

1 plugin · 90 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect KD Submissions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/kd-submissions/assets/styles.css/wp-content/plugins/kd-submissions/assets/js/chart.min.js/wp-content/plugins/kd-submissions/assets/js/scripts.js/wp-content/plugins/kd-submissions/assets/js/column-toggle.js/wp-content/plugins/kd-submissions/assets/js/dashboard.js/wp-content/plugins/kd-submissions/referral/referral-scripts.js/wp-content/plugins/kd-submissions/settings/settings-scripts.js
Script Paths
../plugins/kd-submissions/referral/referral-scripts.js../plugins/kd-submissions/settings/settings-scripts.js
Version Parameters
kd-submissions/assets/styles.css?ver=kd-submissions/assets/js/chart.min.js?ver=kd-submissions/assets/js/scripts.js?ver=kd-submissions/assets/js/column-toggle.js?ver=kd-submissions/assets/js/dashboard.js?ver=kd-submissions/referral/referral-scripts.js?ver=kd-submissions/settings/settings-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
keyd-submissions-tablekeyd-submissions-formkeyd-submissions-statuskeyd-submissions-filterkeyd-submissions-paginationkeyd-submissions-dashboardkeyd-submissions-widgetkeyd-submissions-list+1 more
HTML Comments
<!-- KD Submissions: Plugin Bootstrap --><!-- KD Submissions: Assets --><!-- KD Submissions: Frontend Assets --><!-- KD Submissions: Settings Assets -->+6 more
Data Attributes
data-keyd-submissions-iddata-keyd-submissions-fielddata-keyd-submissions-actiondata-keyd-submissions-nonce
JS Globals
wpSubmissionsAjaxKEYD_ASSETS_URLKEYD_SUBMISSIONS_URLKEYD_SUBMISSIONS_VERSION
REST Endpoints
/wp-json/kd-submissions/v1/submissions/wp-json/kd-submissions/v1/submissions/(?P<id>\d+)/wp-json/kd-submissions/v1/statuses/wp-json/kd-submissions/v1/statuses/(?P<id>\d+)/wp-json/kd-submissions/v1/settings
Shortcode Output
[submissions_list][submissions_form][submissions_dashboard][submissions_detail]
FAQ

Frequently Asked Questions about KD Submissions