WP-Safety

Multiple Domain Security & Risk Analysis

wordpress.org/plugins/multiple-domain

This plugin allows you to have multiple domains in a single Wordpress installation and enables custom redirects for each domain.

10K active installs v1.0.7 PHP + WP 4.0+ Updated Apr 11, 2021
domainsmultipleredirect
85
A · Safe
CVEs total1
Unpatched0
Last CVEJan 25, 2020
Plugin page Download
Safety Verdict

Is Multiple Domain Safe to Use in 2026?

Generally Safe

Score 85/100

Multiple Domain has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 25, 2020Updated 4yr ago
Risk Assessment

The 'multiple-domain' plugin v1.0.7 presents a mixed security posture. While it boasts no known unpatched vulnerabilities and its SQL queries are properly prepared, several concerning patterns emerge from the static analysis. The plugin utilizes the 'assert' function four times, which is considered a dangerous function that can be exploited for code execution if not carefully handled. Furthermore, a significant weakness is the lack of capability checks and nonce checks, particularly given it has entry points like shortcodes. The output escaping is also very low at only 15%, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities where user-supplied data might be rendered directly in the browser without proper sanitization. Although the plugin has a history of medium severity CVEs, the fact that the last one was in 2020 and there are no currently unpatched issues is a positive sign. However, the combination of dangerous functions, weak authorization checks, and poor output escaping, despite a clean vulnerability history, warrants caution.

Key Concerns

  • Dangerous function 'assert' used
  • Low output escaping percentage
  • Missing nonce checks
  • Missing capability checks
  • One medium severity CVE historically
Vulnerabilities
1

Multiple Domain Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

WF-b9f5b68f-bf81-4157-920a-f14eb29390a6-multiple-domainmedium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Multiple Domain <= 1.0.2 - Cross-Site Scripting

Jan 25, 2020 Patched in 1.0.3 (1459d)
Code Analysis
Analyzed Mar 16, 2026

Multiple Domain Code Analysis

Dangerous Functions
4
Raw SQL Queries
0
0 prepared
Unescaped Output
11
2 escaped
Nonce Checks
0
Capability Checks
0
File Operations
1
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

assertassert(isset($fields) && isset($fieldsToAdd));views\domains.php:6
assertassert(isset($count) && isset($protocol) && isset($host) && isset($base) && isset($langField));views\fields.php:6
assertassert(isset($count) && isset($locales) && isset($lang));views\lang.php:6
assertassert(isset($ignoreDefaultPorts) && isset($addCanonical));views\options.php:6

Output Escaping

15% escaped13 total outputs
Attack Surface

Multiple Domain Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[multiple_domain] MultipleDomain.php:274
WordPress Hooks 19
actioninitMultipleDomain.php:229
actionwp_headMultipleDomain.php:230
actionwp_headMultipleDomain.php:231
actionplugins_loadedMultipleDomain.php:232
actionactivated_pluginMultipleDomain.php:233
actionwpseo_register_extra_replacementsMultipleDomain.php:234
filtercontent_urlMultipleDomain.php:247
filteroption_siteurlMultipleDomain.php:248
filteroption_homeMultipleDomain.php:249
filterplugins_urlMultipleDomain.php:250
filterwp_get_attachment_urlMultipleDomain.php:251
filterget_the_guidMultipleDomain.php:252
filterupload_dirMultipleDomain.php:255
filterthe_contentMultipleDomain.php:256
filterallowed_http_originsMultipleDomain.php:257
filterbody_classMultipleDomain.php:260
filterget_canonical_urlMultipleDomain.php:263
actionadmin_initMultipleDomainSettings.php:49
actionadmin_enqueue_scriptsMultipleDomainSettings.php:50
Maintenance & Trust

Multiple Domain Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedApr 11, 2021
PHP min version
Downloads144K

Community Trust

Rating96/100
Number of ratings28
Active installs10K
Alternatives

Multiple Domain Alternatives

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

Domain Mapping System | Create Microsites with Multiple Alias Domains (multisite optional)

domain-mapping-system

A
100

Domain Mapping System is the most powerful way to manage alias domains and map them to any published resource - creating Microsites with ease!

2K No CVEs
WP Hydra

WP Hydra

wp-hydra

A
85

Allows one WordPress installation to be resolved and browsed at multiple domains.

1K No CVEs
Multiple Domains with Analytics

Multiple Domains with Analytics

multiple-domains-with-analytics

A
85

The Multiple Domains with Analytics plugin allows Wordpress to be mirrored across multiple domain names. This requires your DNS settings to be configu &hellip;

100 No CVEs
Fix Multiple Redirects

Fix Multiple Redirects

fix-multiple-redirects

C
63

Fix multiple redirects and canonical redirects. And increase speed of wordpress fine url recognition for SEO by .htaccess file.

40 1 unpatched
Proper Redirect

Proper Redirect

proper-redirect

A
85

Redirects you to the proper URL of the website. In case of stumbling upon a working alias.

20 No CVEs
Developer Profile

Multiple Domain Developer Profile

Javik

2 plugins · 10K total installs

69
trust score
Avg Security Score
85/100
Avg Patch Time
1459 days
View full developer profile
Detection Fingerprints

How We Detect Multiple Domain

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multiple-domain/assets/css/settings.css/wp-content/plugins/multiple-domain/assets/js/settings.js
Script Paths
/wp-content/plugins/multiple-domain/assets/js/settings.js
Version Parameters
multiple-domain/assets/css/settings.css?ver=multiple-domain/assets/js/settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
multiple-domain-settings-domain-hostmultiple-domain-settings-domain-basemultiple-domain-settings-domain-langmultiple-domain-settings-domain-protocol
FAQ

Frequently Asked Questions about Multiple Domain