WP-Safety

Namasha By Mdesign Security & Risk Analysis

wordpress.org/plugins/namasha-by-mdesign

نمایش حرفه ای ویدیو های پلتفرم نماشا + آپارات در وردپرس (+ویجت المنتور و گوتنبرگ)

100 active installs v1.2.06 PHP 7.3+ WP + Updated Aug 6, 2025
aparatnamasha%d9%86%d9%85%d8%a7%d8%b4%d8%a7video%d8%a2%d9%be%d8%a7%d8%b1%d8%a7%d8%aa
99
A · Safe
CVEs total1
Unpatched0
Last CVEJun 25, 2025
Plugin page Download
Safety Verdict

Is Namasha By Mdesign Safe to Use in 2026?

Generally Safe

Score 99/100

Namasha By Mdesign has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jun 25, 2025Updated 8mo ago
Risk Assessment

The "namasha-by-mdesign" plugin v1.2.06 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and shows no instances of file operations or external HTTP requests. The plugin also leverages TinyMCE, a common and generally well-maintained bundled library. However, significant concerns arise from the attack surface analysis, which reveals two unprotected AJAX handlers. Furthermore, the taint analysis identified one flow with unsanitized paths, although it was not classified as critical or high severity in this instance. The vulnerability history, while showing no currently unpatched CVEs, does include one past medium severity vulnerability related to Cross-site Scripting. This suggests a potential for input validation issues that require careful attention.

Key Concerns

  • Unprotected AJAX handlers found
  • Taint flow with unsanitized paths
  • Past medium severity XSS vulnerability history
  • Low percentage of properly escaped output
  • Missing nonce checks on AJAX handlers
Vulnerabilities
1

Namasha By Mdesign Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-6537medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Namasha By Mdesign <= 1.2.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via playicon_title Parameter

Jun 25, 2025 Patched in 1.2.05 (47d)
Code Analysis
Analyzed Mar 16, 2026

Namasha By Mdesign Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
53
142 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

73% escaped195 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<settingspage> (admin\settingspage.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Namasha By Mdesign Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 2

authwp_ajax_namashabymdz_emptyOptions_AjaxConfadmin\admin-ajax.php:47
authwp_ajax_namashabymdz_nightMode_ajaxadmin\admin-ajax.php:68

Shortcodes 2

[namashabymdz] front\class-core.php:26
[aparat] front\class-core.php:40
WordPress Hooks 13
actionadmin_menuadmin\class-admin.php:35
actionenqueue_block_editor_assetsadmin\class-admin.php:43
actionadmin_footeradmin\class-admin.php:96
actionadmin_footeradmin\class-admin.php:117
actionadmin_headadmin\class-admin.php:190
filtermce_buttonsadmin\class-admin.php:191
actionadmin_headadmin\class-admin.php:192
filtermce_external_pluginsadmin\class-admin.php:230
actionelementor/widgets/registerfront\class-core.php:31
actionplugins_loadedfront\class-core.php:37
actioninitincludes\guten-blocks.php:21
actionenqueue_block_editor_assetsincludes\guten-blocks.php:23
actioninitnamasha-by-mdesign.php:60
Maintenance & Trust

Namasha By Mdesign Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedAug 6, 2025
PHP min version7.3
Downloads70K

Community Trust

Rating100/100
Number of ratings1
Active installs100
Alternatives

Namasha By Mdesign Alternatives

Aparat for WordPress

Aparat for WordPress

wp-aparat

A
92

Displaying Aparat videos on website content, along with a widget for showing a list of channel videos.

4K 1 CVE
Aparat WordPress Video Feed Plugin

Aparat WordPress Video Feed Plugin

aparat-feed

A
100

Easily display the latest videos from any Aparat channel on your WordPress site with a lightweight, fast and responsive Aparat video WordPress plugin.

70 No CVEs
Aparat Videos RSS Reader | GRAD

Aparat Videos RSS Reader | GRAD

grad-aparat-rss

A
85

دریافت آر.اس.اس کانال آپارات و نمایش (به ترتیب یا تصادفی) ویدئوهای کانال آپارات، در ویجت‌های وردپرس. Widgets for listing videos uploaded to Aparat.

70 No CVEs
Aparat Embed

Aparat Embed

aparat-embed

A
85

Display Aparat videos and channels in WordPress.

60 No CVEs
Aparat Video Shortcode

Aparat Video Shortcode

aparat-shortcode

C
63

Add [aparat] shortcode to WordPress for easy video sharing in WordPress

50 1 unpatched
Developer Profile

Namasha By Mdesign Developer Profile

MDZ

4 plugins · 730 total installs

88
trust score
Avg Security Score
100/100
Avg Patch Time
87 days
View full developer profile
Detection Fingerprints

How We Detect Namasha By Mdesign

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/namasha-by-mdesign/admin/css/guten-styles.css
Version Parameters
namasha-by-mdesign/admin/css/guten-styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
namashabymdz_admin_class
JS Globals
namasha-settingsnamashabymdz_redirect_onActivatenamashabymdz_emptyOptions_AjaxConfnoguten_nwmdz
FAQ

Frequently Asked Questions about Namasha By Mdesign