WP-Safety

MiniMU Security & Risk Analysis

wordpress.org/plugins/minimu

Manage multiple blogs with a single standard WordPress installation. Each may have its own theme and domain while sharing users and administration.

10 active installs v0.6.9 PHP + WP 3.0.0+ Updated Jun 17, 2014
domaindomainsmultiplethemethemes
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MiniMU Safe to Use in 2026?

Generally Safe

Score 85/100

MiniMU has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago
Risk Assessment

The "minimu" plugin v0.6.9 presents a concerning security posture due to significant weaknesses in its code analysis. The presence of an unprotected AJAX handler is a critical entry point that could be exploited by attackers. Furthermore, the complete lack of nonce checks and capability checks on this handler amplifies the risk, making it trivial to trigger potentially malicious actions. The use of the `create_function` is also a red flag, as it can lead to code injection vulnerabilities if not handled with extreme care. While the plugin has no recorded vulnerability history, this is not an indicator of robust security. It may simply mean that no vulnerabilities have been discovered or reported yet. The complete absence of properly escaped output for nearly half of the identified outputs is a significant concern, opening the door for Cross-Site Scripting (XSS) attacks. The raw SQL queries without prepared statements also pose a risk of SQL injection. Overall, the plugin exhibits several fundamental security flaws that require immediate attention.

Key Concerns

  • Unprotected AJAX handler
  • Missing nonce checks
  • Missing capability checks
  • Use of dangerous function: create_function
  • SQL queries without prepared statements
  • Insufficient output escaping
  • Unsanitized taint flows
Vulnerabilities
None known

MiniMU Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

MiniMU Code Analysis

Dangerous Functions
1
Raw SQL Queries
2
0 prepared
Unescaped Output
25
21 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functionadd_action('widgets_init', create_function('', 'return register_widget("MiniMU_blog_list_widget");')minimu.class.php:144

SQL Query Safety

0% prepared2 total queries

Output Escaping

46% escaped46 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
admin_init (minimu.class.php:1185)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

MiniMU Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_minimu_add_domain_clickminimu.class.php:1207
WordPress Hooks 34
filtersite_urlminimu.class.php:101
filteroption_siteurlminimu.class.php:102
filtercontent_urlminimu.class.php:103
filteroption_blognameminimu.class.php:104
filteroption_homeminimu.class.php:105
filteroption_blogdescriptionminimu.class.php:106
filteroption_templateminimu.class.php:107
filteroption_stylesheetminimu.class.php:108
filtertemplateminimu.class.php:109
filterallowed_http_originsminimu.class.php:110
filterpost_linkminimu.class.php:115
filtergetarchives_whereminimu.class.php:116
filtergetarchives_joinminimu.class.php:117
filterposts_whereminimu.class.php:118
filterposts_joinminimu.class.php:119
filterposts_joinminimu.class.php:120
filterposts_groupbyminimu.class.php:121
filterget_previous_post_whereminimu.class.php:123
filterget_previous_post_joinminimu.class.php:124
filterget_next_post_whereminimu.class.php:125
filterget_next_post_joinminimu.class.php:126
filtercategory_linkminimu.class.php:130
filterthe_contentminimu.class.php:131
filterthe_excerptminimu.class.php:132
filtercomments_clausesminimu.class.php:134
filterlist_terms_exclusionsminimu.class.php:136
actionadmin_initminimu.class.php:140
actionadmin_menuminimu.class.php:141
actionwidgets_initminimu.class.php:144
filtermanage_edit-category_columnsminimu.class.php:152
actionmanage_category_custom_columnminimu.class.php:153
filterget_pagesminimu.class.php:155
actioninitminimu.class.php:156
actionadmin_headminimu.class.php:1206
Maintenance & Trust

MiniMU Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedJun 17, 2014
PHP min version
Downloads8K

Community Trust

Rating60/100
Number of ratings2
Active installs10
Alternatives

MiniMU Alternatives

Multiple Domain

Multiple Domain

multiple-domain

A
85

This plugin allows you to have multiple domains in a single Wordpress installation and enables custom redirects for each domain.

10K 1 CVE
Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

domain-mapping-system

A
100

Domain Mapping System is the most powerful way to manage alias domains and map them to any published resource - creating Microsites with ease!

2K No CVEs
Delete Multiple Themes

Delete Multiple Themes

delete-multiple-themes

A
85

Enable the administrator to delete multiple themes in one click.

1K No CVEs
WP Hydra

WP Hydra

wp-hydra

A
85

Allows one WordPress installation to be resolved and browsed at multiple domains.

1K No CVEs
Multiple Domains with Analytics

Multiple Domains with Analytics

multiple-domains-with-analytics

A
85

The Multiple Domains with Analytics plugin allows Wordpress to be mirrored across multiple domain names. This requires your DNS settings to be configu …

100 No CVEs
Developer Profile

MiniMU Developer Profile

shelkie

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MiniMU

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/minimu/css/minimu-style.css/wp-content/plugins/minimu/js/minimu.js
Script Paths
/wp-content/plugins/minimu/js/minimu.js
Version Parameters
minimu/css/minimu-style.css?ver=minimu.js?ver=

HTML / DOM Fingerprints

CSS Classes
minimu-blog-list-widget
FAQ

Frequently Asked Questions about MiniMU