WP-Safety

Nonprofit Board Management Security & Risk Analysis

wordpress.org/plugins/nonprofit-board-management

A simple, free way to manage your nonprofit’s board.

100 active installs v1.3.1 PHP + WP 3.0+ Updated Dec 30, 2025
board-governanceboardsdirectorsnon-profitsnonprofits
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Nonprofit Board Management Safe to Use in 2026?

Generally Safe

Score 100/100

Nonprofit Board Management has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "nonprofit-board-management" plugin version 1.3.1 exhibits a generally good security posture, with no known vulnerabilities in its history and a proactive approach to security checks like nonces and capability checks. The static analysis shows a low attack surface with all identified entry points protected by authentication checks. However, there are areas that warrant attention. A significant concern is the taint analysis revealing two flows with unsanitized paths, categorized as high severity. This indicates potential for injection vulnerabilities if these paths are improperly handled. Additionally, while the majority of SQL queries use prepared statements, 33% do not, posing a risk of SQL injection if these queries involve user-supplied data. The output escaping also shows a concerning 42% of outputs are not properly escaped, which could lead to Cross-Site Scripting (XSS) vulnerabilities.

Key Concerns

  • Taint flows with unsanitized paths (high severity)
  • SQL queries not using prepared statements
  • Output escaping is not properly implemented
Vulnerabilities
None known

Nonprofit Board Management Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Nonprofit Board Management Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
2 prepared
Unescaped Output
45
63 escaped
Nonce Checks
7
Capability Checks
14
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

33% prepared6 total queries

Output Escaping

58% escaped108 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

6 flows2 with unsanitized paths
get_full_description (includes\class-board-events.php:847)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Nonprofit Board Management Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 4

authwp_ajax_get_full_descriptionincludes\class-board-events.php:80
authwp_ajax_rsvpincludes\class-board-events.php:83
authwp_ajax_show_all_attendeesincludes\class-board-events.php:86
authwp_ajax_allow_user_to_servenonprofit-board-management.php:83

Shortcodes 1

[list_board_members] nonprofit-board-management.php:96
WordPress Hooks 48
actioninitincludes\class-board-committees.php:19
actionadmin_initincludes\class-board-committees.php:20
actionsave_postincludes\class-board-committees.php:21
filtermap_meta_capincludes\class-board-committees.php:24
actionadmin_headincludes\class-board-committees.php:27
actionadmin_head-post.phpincludes\class-board-committees.php:30
actionadmin_head-post-new.phpincludes\class-board-committees.php:31
filterpost_row_actionsincludes\class-board-committees.php:34
filterpost_updated_messagesincludes\class-board-committees.php:37
filtermanage_edit-board_committees_columnsincludes\class-board-committees.php:40
actionmanage_board_committees_posts_custom_columnincludes\class-board-committees.php:41
filteruser_contactmethodsincludes\class-board-committees.php:44
actionshow_user_profileincludes\class-board-committees.php:47
actionedit_user_profileincludes\class-board-committees.php:48
actionpersonal_options_updateincludes\class-board-committees.php:51
actionedit_user_profile_updateincludes\class-board-committees.php:52
actionwp_dashboard_setupincludes\class-board-committees.php:55
actionadmin_enqueue_scriptsincludes\class-board-events.php:43
actionadmin_enqueue_scriptsincludes\class-board-events.php:44
actioninitincludes\class-board-events.php:47
actionadmin_initincludes\class-board-events.php:48
actionload-post.phpincludes\class-board-events.php:49
actionsave_postincludes\class-board-events.php:50
filtermap_meta_capincludes\class-board-events.php:53
actionadmin_headincludes\class-board-events.php:56
actionadmin_head-post.phpincludes\class-board-events.php:59
actionadmin_head-post-new.phpincludes\class-board-events.php:60
filterpost_row_actionsincludes\class-board-events.php:63
filterpost_updated_messagesincludes\class-board-events.php:66
filterparse_queryincludes\class-board-events.php:69
filterviews_edit-board_eventsincludes\class-board-events.php:70
filtermanage_edit-board_events_columnsincludes\class-board-events.php:71
actionmanage_board_events_posts_custom_columnincludes\class-board-events.php:72
filtermanage_edit-board_events_sortable_columnsincludes\class-board-events.php:73
actionload-edit.phpincludes\class-board-events.php:74
actionwp_dashboard_setupincludes\class-board-events.php:77
filterrequestincludes\class-board-events.php:813
actionplugins_loadednonprofit-board-management.php:54
actionwp_initialize_sitenonprofit-board-management.php:60
actionwp_dashboard_setupnonprofit-board-management.php:64
actionadmin_menunonprofit-board-management.php:67
actionadmin_enqueue_scriptsnonprofit-board-management.php:70
actionadmin_enqueue_scriptsnonprofit-board-management.php:71
actionwp_dashboard_setupnonprofit-board-management.php:74
actionin_admin_headernonprofit-board-management.php:77
actionadmin_noticesnonprofit-board-management.php:80
filtermap_meta_capnonprofit-board-management.php:88
filterlogin_redirectnonprofit-board-management.php:93
Maintenance & Trust

Nonprofit Board Management Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 30, 2025
PHP min version
Downloads23K

Community Trust

Rating74/100
Number of ratings3
Active installs100
Alternatives

Nonprofit Board Management Alternatives

Wired Impact Volunteer Management

Wired Impact Volunteer Management

wired-impact-volunteer-management

A
98

A free, easy way to manage your nonprofit's volunteers.

1K 2 CVEs
Donorbox – Free Recurring Donation Plugin and Fundraising Platform

Donorbox – Free Recurring Donation Plugin and Fundraising Platform

donorbox-donation-form

A
99

Donorbox is a powerful and secure donation management plugin for WordPress. We are the only donation plugin for WordPress that offers a fast feature-f …

9K 2 CVEs
MSTW Schedules & Scoreboards

MSTW Schedules & Scoreboards

mstw-schedules-scoreboards

A
92

Manages multiple sports team schedules and scoreboards. Displays schedule tables, schedule sliders, scoreboards, and countdown timers.

100 No CVEs
myCred BP Group Leaderboards

myCred BP Group Leaderboards

mycred-bp-group-leaderboards

A
100

📢🚨 Important Notice: myCred BP Group Leaderboards is now part of the myCred Toolkit and will no longer receive updates here.

80 No CVEs
Callsheet

Callsheet

callsheet

A
85

Callsheet allows you to add actors/actresses/directors and their details to show them to end users.

10 No CVEs
Developer Profile

Nonprofit Board Management Developer Profile

Wired Impact

2 plugins · 1K total installs

93
trust score
Avg Security Score
99/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect Nonprofit Board Management

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nonprofit-board-management/admin.css/wp-content/plugins/nonprofit-board-management/admin.js
Script Paths
/wp-content/plugins/nonprofit-board-management/admin.js
Version Parameters
nonprofit-board-management/admin.css?ver=nonprofit-board-management/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wi-board-management-dashboard-widget
Data Attributes
data-user-id
JS Globals
winbm_admin_ajax_nonce
Shortcode Output
[list_board_members]
FAQ

Frequently Asked Questions about Nonprofit Board Management