Participants Database Security & Risk Analysis

wordpress.org/plugins/participants-database

Build and maintain a fully customizable database of participants, members or anything with signup forms, admin backend, custom lists, and CSV support.

7K active installs · v2.7.8.1 · PHP 7.4+ · WP 5.0+ · Updated Nov 4, 2025
Tags: database, directory, listing, mailing-list, signup
87
A · Safe
CVEs total: 9
Unpatched: 0
Last CVE: Sep 22, 2025
Safety Verdict

Is Participants Database Safe to Use in 2026?

Generally Safe

Score 87/100

Participants Database has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

9 known CVEs · Last CVE: Sep 22, 2025 · Updated 6mo ago
Risk Assessment

The "participants-database" plugin v2.7.8.1 presents a mixed security posture. While it demonstrates good practices in SQL query handling (87% prepared) and output escaping (90% escaped), and has no currently unpatched CVEs, significant concerns remain. The plugin has a history of 9 known CVEs, including a past critical and two high-severity vulnerabilities, indicating a pattern of past security weaknesses that required remediation. The presence of two AJAX handlers without authorization checks represents a direct and accessible attack vector, especially given the plugin's history of authorization and CSRF vulnerabilities.

Static analysis reveals a small but concerning attack surface with 2 out of 3 entry points lacking authentication. Taint analysis, while showing no critical or high severity flows, did identify one flow with unsanitized paths, which warrants investigation. The high number of file operations (19) and external HTTP requests (1) also represent potential avenues for exploitation if not handled securely. The plugin's past vulnerability types, including deserialization, missing authorization, and SQL injection, directly align with the identified unprotected AJAX handlers. A balanced view shows strengths in code sanitization but significant weaknesses in access control for critical entry points and a concerning vulnerability history.

Key Concerns

  • 2 AJAX handlers without authorization checks
  • 1 unsanitized path identified in taint analysis
  • 9 known CVEs, including 1 critical and 2 high
  • Vulnerability history includes Deserialization, Missing Auth, CSRF, SQLi
Vulnerabilities
9 published

Participants Database Security Vulnerabilities

CVEs by Year

  • 2014: 1 CVE
  • 2017: 1 CVE
  • 2020: 1 CVE
  • 2023: 4 CVEs
  • 2024: 1 CVE
  • 2025: 1 CVE

Severity Breakdown

  • Critical: 1
  • High: 2
  • Medium: 6

9 total CVEs

CVE-2025-58008 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Participants Database <= 2.7.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 Patched in 2.7.7 (19d)
CVE-2024-43141 · high · 8.1 · Deserialization of Untrusted Data

Participants Database <= 2.5.9.2 - Unauthenticated PHP Object Injection

Aug 7, 2024 Patched in 2.5.9.3 (8d)
CVE-2023-48751 · medium · 5.3 · Missing Authorization

Participants Database <= 2.5.5 - Missing Authorization

Nov 27, 2023 Patched in 2.5.6 (57d)
WF-a52015fe-c4df-46a6-8f23-b33730797f4c-participants-database · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Participants Database <= 2.4.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin settings

May 3, 2023 Patched in 2.5 (265d)
CVE-2023-31235 · medium · 5.4 · Cross-Site Request Forgery (CSRF)

Participants Database <= 2.4.9 - Cross-Site Request Forgery via _process_general

May 3, 2023 Patched in 2.5.0 (265d)
CVE-2022-47612 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Participants Database <= 2.4.5 - Cross Site Request Forgery

Jan 20, 2023 Patched in 2.4.6 (368d)
CVE-2020-8596 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Participants Database <= 1.9.5.5 - SQL Injection

Feb 10, 2020 Patched in 1.9.5.6 (1443d)
CVE-2017-14126 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Participants Database <= 1.7.5.9 - Unauthorized Cross-Site Scripting

Sep 6, 2017 Patched in 1.7.5.10 (2330d)
CVE-2014-3961 · critical · 9.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Participants Database < 1.5.4.9 - SQL Injection

Jun 2, 2014 Patched in 1.5.4.9 (3522d)
Version History

Participants Database Release Timeline

  • v2.7.8.1 · Current
  • v2.7.8
  • v2.7.7
  • v2.7.6.3 · 1 CVE
  • v2.7.6.2 · 1 CVE
  • v2.7.6.1 · 1 CVE
  • v2.7.6 · 1 CVE
  • v2.7.5.1 · 1 CVE
  • v2.7.5 · 1 CVE
  • v2.7.4 · 1 CVE
  • v2.7.3 · 1 CVE
  • v2.7.2 · 1 CVE
  • v2.7.1 · 1 CVE
  • v2.7 · 1 CVE
  • v2.6.2 · 1 CVE
  • v2.6.1 · 1 CVE
  • v2.6 · 1 CVE
  • v2.5.10 · 1 CVE
  • v2.5.9.5 · 1 CVE
  • v2.5.9.4 · 1 CVE
Code Analysis
Analyzed Mar 16, 2026

Participants Database Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 26 (179 prepared)
  • Unescaped Output: 50 (450 escaped)
  • Nonce Checks: 13
  • Capability Checks: 7
  • File Operations: 19
  • External Requests: 1
  • Bundled Libraries: 0

SQL Query Safety

87% prepared · 205 total queries

Output Escaping

90% escaped · 500 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

10 flows · 1 with unsanitized paths
process_page_request (participants-database.php:2349)
Attack Surface
2 unprotected

Participants Database Attack Surface

Entry Points: 3
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_pdb_list_filter · participants-database.php:364
  • nopriv · wp_ajax_pdb_list_filter · participants-database.php:365

Shortcodes 1

[pdb_search_return_link] classes\PDb_shortcodes\search_return_link.php:46
WordPress Hooks 128
Maintenance & Trust

Participants Database Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 4, 2025
  • PHP min version: 7.4
  • Downloads: 1.3M

Community Trust

  • Rating: 98/100
  • Number of ratings: 320
  • Active installs: 7K
Developer Profile

Participants Database Developer Profile

xnau webdesign

3 plugins · 8K total installs

  • Trust score: 69
  • Avg Security Score: 86/100
  • Avg Patch Time: 920 days
Detection Fingerprints

How We Detect Participants Database

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/participants-database/css/pd_admin.css
  • /wp-content/plugins/participants-database/css/pd_styles.css
  • /wp-content/plugins/participants-database/css/pd_frontend.css
  • /wp-content/plugins/participants-database/css/pd_frontend_override.css
  • /wp-content/plugins/participants-database/css/pd_search_form.css
  • /wp-content/plugins/participants-database/css/pd_form_builder.css
  • /wp-content/plugins/participants-database/css/pd_date.css
  • /wp-content/plugins/participants-database/css/pd_validation.css
  • +3 more
Script Paths
  • /wp-content/plugins/participants-database/js/pd_functions.js
  • /wp-content/plugins/participants-database/js/pd_form_validation.js
  • /wp-content/plugins/participants-database/js/pd_frontend.js
  • /wp-content/plugins/participants-database/js/pd_frontend_dialog.js
  • /wp-content/plugins/participants-database/js/pd_admin.js
  • /wp-content/plugins/participants-database/js/pd_form_builder.js
  • +3 more
Version Parameters
  • participants-database/css/pd_admin.css?ver=
  • participants-database/css/pd_styles.css?ver=
  • participants-database/css/pd_frontend.css?ver=
  • participants-database/css/pd_frontend_override.css?ver=
  • participants-database/css/pd_search_form.css?ver=
  • participants-database/css/pd_form_builder.css?ver=
  • participants-database/css/pd_date.css?ver=
  • participants-database/css/pd_validation.css?ver=
  • participants-database/css/pd_frontend_dialog.css?ver=
  • participants-database/css/pd_frontend_dialog_override.css?ver=
  • participants-database/css/pd_print.css?ver=
  • participants-database/js/pd_functions.js?ver=
  • participants-database/js/pd_form_validation.js?ver=
  • participants-database/js/pd_frontend.js?ver=
  • participants-database/js/pd_frontend_dialog.js?ver=
  • participants-database/js/pd_admin.js?ver=
  • participants-database/js/pd_form_builder.js?ver=
  • participants-database/js/pd_date.js?ver=
  • participants-database/js/pd_autosave.js?ver=
  • participants-database/js/pd_search.js?ver=

HTML / DOM Fingerprints

CSS Classes
pdb-frontend-form, pdb-registration-form, pdb-edit-form, pdb-view-form, pdb-search-form, pdb-dialog, pdb-dialog-overlay, pdb-form-field, +17 more
HTML Comments
  • <!-- participants database -->
  • <!-- participants database form -->
  • <!-- participants database search form -->
  • <!-- participants database dialog -->
Data Attributes
data-pdb-form-id, data-pdb-field-id, data-pdb-field-name, data-pdb-validation-rule
JS Globals
pd_vars, pdb_functions, pdb_form_validation_object, pdb_frontend_dialog_object, pdb_admin_object, pdb_form_builder_object, +3 more
REST Endpoints
  • /wp-json/participants-database/v1/forms
  • /wp-json/participants-database/v1/records
  • /wp-json/participants-database/v1/fields
  • /wp-json/participants-database/v1/groups
Shortcode Output
[pdb_list], [pdb_form], [pdb_signup], [pdb_edit]