Orbis Security & Risk Analysis

wordpress.org/plugins/orbis

Orbis is a powerful, extendable plugin to boost up your business. Project Management, Customer Relation Management & More...

20 active installs v1.3.3 PHP + WP 3.0+ Updated Oct 9, 2015
intranetorbis
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Orbis Safe to Use in 2026?

Generally Safe

Score 85/100

Orbis has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The 'orbis' plugin v1.3.3 exhibits a generally good security posture with a low risk profile, primarily due to the absence of known vulnerabilities and the developer's adherence to secure coding practices. The code analysis reveals a high percentage of prepared SQL statements and properly escaped output, indicating a strong effort to prevent common web vulnerabilities like SQL injection and cross-site scripting (XSS). The plugin also incorporates nonce and capability checks on its entry points, which is a positive sign of security awareness.

However, there are a few areas that warrant attention. Specifically, the presence of three AJAX handlers without authentication checks represents a potential attack vector. While no taint analysis revealed critical issues, these unprotected AJAX endpoints could be exploited if they handle user-supplied data without proper validation or sanitization. The bundled Select2 library v3.5.1 is also outdated, which might introduce vulnerabilities if known issues exist in that specific version.

Despite these minor concerns, the complete lack of historical CVEs for this plugin is a significant strength. It suggests a commitment to security by the developers or a lack of exploitation attempts. Overall, 'orbis' v1.3.3 appears to be a relatively secure plugin, but addressing the unprotected AJAX endpoints and considering an update for the bundled library would further enhance its security.

Key Concerns

  • Unprotected AJAX handlers
  • Bundled outdated library (Select2 v3.5.1)
Vulnerabilities
None known

Orbis Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Orbis Release Timeline

v1.3.3 (Current)
v1.3.2
v1.3.1
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.1
v1.1.0
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Orbis Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (23 prepared)
Unescaped Output: 12 (168 escaped)
Nonce Checks: 5
Capability Checks: 5
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2 3.5.1

SQL Query Safety

82% prepared · 28 total queries

Output Escaping

93% escaped · 180 total outputs
Attack Surface
3 unprotected

Orbis Attack Surface

Entry Points: 8
Unprotected: 3

AJAX Handlers 5

auth wp_ajax_orbis_install_plugin classes\orbis-core-admin.php:43
auth wp_ajax_orbis_activate_plugin classes\orbis-core-admin.php:44
auth wp_ajax_company_id_suggest includes\companies.php:245
auth wp_ajax_person_id_suggest includes\persons.php:100
auth wp_ajax_project_id_suggest includes\projects.php:125

Shortcodes 3

[orbis_projects_active] includes\shortcodes.php:25
[orbis_projects_without_agreement] includes\shortcodes.php:49
[orbis_projects_to_invoice] includes\shortcodes.php:73
WordPress Hooks 51
filter generate_rewrite_rules classes\orbis-api.php:16
filter query_vars classes\orbis-api.php:18
filter wp_loaded classes\orbis-api.php:20
action admin_init classes\orbis-core-admin.php:35
action admin_menu classes\orbis-core-admin.php:36
action admin_enqueue_scripts classes\orbis-core-admin.php:38
filter menu_order classes\orbis-core-admin.php:40
filter custom_menu_order classes\orbis-core-admin.php:41
action show_user_profile classes\orbis-core-admin.php:47
action edit_user_profile classes\orbis-core-admin.php:48
action personal_options_update classes\orbis-core-admin.php:50
action edit_user_profile_update classes\orbis-core-admin.php:51
action init classes\orbis-core-angularjs.php:30
filter language_attributes classes\orbis-core-angularjs.php:34
action admin_init classes\orbis-core-email.php:7
action admin_init classes\orbis-core-email.php:8
action orbis_email classes\orbis-core-email.php:10
action init classes\orbis-core-plugin.php:11
action p2p_init classes\orbis-core-plugin.php:12
action init classes\orbis-core-plugin.php:14
action wp_enqueue_scripts classes\orbis-core-plugin.php:16
action admin_init classes\orbis-core-settings.php:6
action plugins_loaded classes\orbis-plugin.php:32
action admin_init classes\orbis-plugin.php:34
action admin_init classes\orbis-plugin.php:35
action add_meta_boxes includes\companies.php:17
action save_post includes\companies.php:76
action save_post includes\companies.php:137
filter manage_edit-orbis_company_columns includes\companies.php:158
action manage_posts_custom_column includes\companies.php:218
action orbis_email_header includes\email.php:15
action orbis_email_footer includes\email.php:24
action wp_enqueue_scripts includes\flot.php:67
action widgets_init includes\log.php:136
action save_post includes\log.php:177
action add_meta_boxes includes\persons.php:17
action save_post includes\persons.php:71
action init includes\post.php:176
filter query_vars includes\project.php:18
filter posts_clauses includes\project.php:103
action add_meta_boxes includes\projects.php:17
action admin_enqueue_scripts includes\projects.php:35
filter post_class includes\projects.php:142
action save_post includes\projects.php:233
action orbis_project_finished_update includes\projects.php:264
action save_post includes\projects.php:357
filter manage_edit-orbis_project_columns includes\projects.php:377
action manage_posts_custom_column includes\projects.php:413
action pre_get_posts includes\projects.php:428
action orbis_bootstrap orbis.php:48
filter posts_where templates\projects-without-agreement.php:10

Scheduled Events 1

orbis_email
Maintenance & Trust

Orbis Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.3.34
Last updated: Oct 9, 2015
PHP min version
Downloads: 21K

Community Trust

Rating: 86/100
Number of ratings: 6
Active installs: 20
Developer Profile

Orbis Developer Profile

Pronamic

16 plugins · 5K total installs

Trust score: 98
Avg Security Score: 97/100
Avg Patch Time: 6 days
Detection Fingerprints

How We Detect Orbis

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/orbis/admin/css/orbis.css
/wp-content/plugins/orbis/includes/js/orbis-plugins.js
Script Paths
/wp-content/plugins/orbis/includes/js/orbis-plugins.js
Version Parameters
orbis/admin/css/orbis.css?ver=
orbis/includes/js/orbis-plugins.js?ver=

HTML / DOM Fingerprints

CSS Classes
orbis-user
Data Attributes
name="orbis_user"
id="orbis_user"
JS Globals
orbis_plugins_script_strings