Marketplaces Security & Risk Analysis
wordpress.org/plugins/marketplacesMarketplaces plugin can be used with Buddypress and BePro Listings for displaying BePro Listings categories as marketplaces on page with shortcode [m …
Is Marketplaces Safe to Use in 2026?
Generally Safe
Score 85/100Marketplaces has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'marketplaces' plugin version 1.1 exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, unescaped output, file operations, and external HTTP requests is commendable. Furthermore, the complete lack of known vulnerabilities, including historical CVEs, suggests a well-maintained and secure codebase. The plugin effectively utilizes prepared statements for its SQL interactions and adheres to proper output escaping, which are crucial security best practices.
However, a critical area of concern arises from the complete absence of nonce checks and capability checks. This indicates a significant potential for Cross-Site Request Forgery (CSRF) and privilege escalation vulnerabilities, especially if the single shortcode entry point handles sensitive operations or user input. While the current attack surface is minimal with only one shortcode and no AJAX or REST API endpoints without authentication, the lack of these fundamental security checks on that entry point represents a considerable risk. The plugin's history of zero vulnerabilities is a positive sign, but it does not negate the identified weaknesses in its current implementation.
In conclusion, while the 'marketplaces' plugin version 1.1 benefits from strong coding practices in areas like SQL and output handling, and a clean vulnerability history, the absence of nonce and capability checks on its shortcode entry point is a substantial security flaw. This oversight leaves the plugin susceptible to attacks that could have been easily mitigated. Addressing these missing checks is paramount to improving its overall security.
Key Concerns
- Missing nonce checks
- Missing capability checks
Marketplaces Security Vulnerabilities
Marketplaces Code Analysis
Marketplaces Attack Surface
Shortcodes 1
Maintenance & Trust
Marketplaces Maintenance & Trust
Maintenance Signals
Community Trust
Marketplaces Alternatives
Directorist: AI-Powered Business Directory, Listings & Classified Ads
directorist
Build any type of directory website such as a business directory, job directory, classifieds directory, and more with this WordPress directory plugin.
Business Directory Plugin – Easy Listing Directories for WordPress
business-directory-plugin
The easy Business Directory Plugin for WordPress. Build an easy team directory, member directory, staff directory, church directory, and more.
Classified Listing – AI-Powered Classified ads & Business Directory Plugin
classified-listing
A Classified ads and Business Directory plugin for WordPress, to create classified listing, real estate directory, local business directory, and more.
GeoDirectory – WP Business Directory Plugin and Classified Listings Directory
geodirectory
A superb WordPress Business Directory plugin to create a local business directory, classified ads directory, or job listings board.
HivePress – Business Directory & Classified Ads Plugin
hivepress
A simple yet powerful plugin to create a business directory, job board, real estate, classified ads, or basically any type of directory website.
Marketplaces Developer Profile
4 plugins · 40 total installs
How We Detect Marketplaces
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
marketplacesmarketplace_onemarketplace_twomarketplace_threeonetwothree<div class="marketplaces"><div class="marketplace_one"><ul class="one"><div class="marketplace_two">