
Organisation Frontpage Security & Risk Analysis
wordpress.org/plugins/org-frontpage
Lets you choose and arrange the posts on the front page.
Is Organisation Frontpage Safe to Use in 2026?
Generally Safe
Score 92/100
Organisation Frontpage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "org-frontpage" plugin v2.0.7 exhibits a generally good security posture with no known historical vulnerabilities (CVEs) and a limited attack surface. The plugin exposes no AJAX handlers, REST API routes, shortcodes, or cron events that lack authentication or permission checks, which is a significant strength and indicates a deliberate effort to minimize entry points for potential attacks. Furthermore, all SQL queries are prepared, which is an excellent practice for preventing SQL injection vulnerabilities.
However, there are areas of concern within the code. The static analysis reveals that only 6% of output is properly escaped, which is alarmingly low. This suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts could be injected into the website through unescaped output. While taint analysis did not flag critical or high-severity issues, the presence of one flow with unsanitized paths warrants attention, as it could potentially lead to other security flaws if not properly addressed, especially in conjunction with the poor output escaping.
The plugin's lack of recorded vulnerabilities is a positive sign, but this should not lead to complacency, especially given the significant weakness in output escaping. The strengths lie in its minimal attack surface and secure SQL handling. The primary weakness is the insufficient output escaping, which presents a clear and present danger for XSS attacks. A balanced conclusion would be that while the plugin is architected with some secure principles, the prevalent lack of output escaping drastically undermines its overall security and requires immediate attention.
Key Concerns
- Low percentage of properly escaped output
- Flow with unsanitized paths identified
Organisation Frontpage Security Vulnerabilities
Organisation Frontpage Code Analysis
Output Escaping
Data Flow Analysis
Organisation Frontpage Attack Surface
WordPress Hooks 6
Organisation Frontpage Maintenance & Trust
Maintenance Signals
Community Trust
Organisation Frontpage Alternatives
Utimate Kit ( Styler ) for WPForms
styler-for-wpforms
Ultimate Kit for WPForms makes the task of designing WPForms an easy one.
Canvas
canvas
A revolutionary block-based page builder used for building layouts, an interplay of the WordPress block editor features and exceptional UI design.
Custom Post Template
custom-post-template
Provides a drop-down to select different templates for posts from the post edit screen. The templates replace single.php for the specified post.
Demo Importer Plus
demo-importer-plus
Import the demo content, widgets, customizer settings and theme settings with a single click without any hassle.
HookMeUp for WooCommerce
hookmeup
Additional content and Customization for WooCommerce Templates.
Organisation Frontpage Developer Profile
1 plugin · 10 total installs
How We Detect Organisation Frontpage
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
- box-org-frontpage
- optiontable
- Articles Rang de l'article (défini par le nom de la méta donnée de wp-options)
- ici on pourrait vérifier que le post n'a pas de parent. Et le cas échéant remplacer l'ID du post par l'ID du parent (semble inutile)
- We'll use this nonce field later on when saving.
- name="rang_frontpage"
- id="rang_frontpage"
- name="organisation_frontpage"
- value="organisation_frontpage"