WP-Safety

Multisite Directory Security & Risk Analysis

wordpress.org/plugins/multisite-directory

Add a browseable, flexible directory of the sites in a WP Multisite network. Each subsite gets its own page.

10 active installs v0.2.3 PHP + WP 4.6+ Updated Jun 16, 2017
multisitenetworkpoststaxonomy
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Multisite Directory Safe to Use in 2026?

Generally Safe

Score 85/100

Multisite Directory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The multisite-directory plugin exhibits a generally positive security posture, with no identified vulnerabilities in its history and no critical findings in the static analysis. The absence of known CVEs and the plugin's clean vulnerability record are strong indicators of ongoing security maintenance and good development practices. The static analysis also reveals a low attack surface, with all identified entry points (shortcodes) not explicitly requiring authentication checks, which is a positive sign. Furthermore, the plugin demonstrates good practices by utilizing prepared statements for its single SQL query and largely escaping output, although there's room for improvement in the latter.

However, several areas warrant attention. The complete lack of nonce checks and capability checks across all entry points is a significant concern. While the static analysis found no unprotected entry points, this could be a limitation of the analysis itself, or it might mean that the shortcode relies on implicit WordPress checks or sanitization that isn't immediately obvious. The fact that only 50% of output is properly escaped suggests a potential for cross-site scripting (XSS) vulnerabilities, particularly if the unescaped outputs handle user-supplied data. Without proper nonce and capability checks, even seemingly benign shortcodes could be leveraged in conjunction with XSS to perform unauthorized actions. The absence of taint analysis results is also noteworthy; while it might indicate no issues, it could also mean the analysis couldn't be performed effectively for this plugin's code.

Key Concerns

  • 0 Nonce checks on entry points
  • 0 Capability checks on entry points
  • 50% of output not properly escaped
  • No taint analysis results available
Vulnerabilities
None known

Multisite Directory Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Multisite Directory Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
1 prepared
Unescaped Output
22
22 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared1 total queries

Output Escaping

50% escaped44 total outputs
Attack Surface

Multisite Directory Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[site-directory] includes\class-multisite-directory-shortcode.php:313
WordPress Hooks 17
actionload-post.phpincludes\class-multisite-directory-entry.php:102
actionadmin_enqueue_scriptsincludes\class-multisite-directory-taxonomy.php:66
actionrestrict_manage_postsincludes\class-multisite-directory-taxonomy.php:71
actioninitmultisite-directory.php:47
actionplugins_loadedmultisite-directory.php:48
actionwidgets_initmultisite-directory.php:49
actionadmin_enqueue_scriptsmultisite-directory.php:50
actionwp_enqueue_scriptsmultisite-directory.php:51
actionwpmu_new_blogmultisite-directory.php:53
actiondelete_blogmultisite-directory.php:54
actionupdate_option_blognamemultisite-directory.php:55
actionwpmu_optionsmultisite-directory.php:56
actionupdate_wpmu_optionsmultisite-directory.php:57
actionnetwork_admin_menumultisite-directory.php:58
actionsignup_blogformmultisite-directory.php:59
actionnetwork_site_new_formmultisite-directory.php:60
filterdashboard_glance_itemsmultisite-directory.php:62
Maintenance & Trust

Multisite Directory Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28
Last updatedJun 16, 2017
PHP min version
Downloads5K

Community Trust

Rating66/100
Number of ratings4
Active installs10
Alternatives

Multisite Directory Alternatives

WP Over Network

WP Over Network

wp-over-network

A
85

Add ability to get posts from over your network sites. Supports widget, shortcode, and customizable original function.

90 No CVEs
Multisite Post Cloner

Multisite Post Cloner

multisite-post-cloner

A
92

Multisite Post Cloner allows you to clone posts and pages across sites in your WordPress multisite network.

10 No CVEs
Multisite Taxonomy Widget

Multisite Taxonomy Widget

multisite-taxonomy-widget

A
100

List the latest posts of a specific taxonomy from your blog-network.

10 No CVEs
Toggle Admin Bar Menu

Toggle Admin Bar Menu

toggle-admin-bar-menu

A
92

Replaces the WordPress admin bar menu with a compact menu icon. Clicking the icon toggles the visibility of the full admin bar.

10 No CVEs
Multisite Network Repost

Multisite Network Repost

multisite-network-repost

A
85

Repost your stories to selected sites in the multisite network, preserving attachments, custom fields, categories, tags etc.

0 No CVEs
Developer Profile

Multisite Directory Developer Profile

Meitar

13 plugins · 2K total installs

85
trust score
Avg Security Score
87/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Multisite Directory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/multisite-directory/vendor/leaflet/dist/leaflet.css/wp-content/plugins/multisite-directory/vendor/leaflet/dist/leaflet.js

HTML / DOM Fingerprints

Data Attributes
name="multisite-directory-auto-update-entry-title"
FAQ

Frequently Asked Questions about Multisite Directory