SureFeedback Client Site Security & Risk Analysis

wordpress.org/plugins/projecthuddle-child-site

Provides a secure connection between your SureFeedback parent and client sites, syncing identities for WordPress-based commenting.

6K active installs · v1.2.11 · PHP 5.6+ · WP 4.7+ · Updated Dec 9, 2025
Tags: child, design, feedback, huddle, project
Score: 100
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Dec 26, 2023
Safety Verdict

Is SureFeedback Client Site Safe to Use in 2026?

Generally Safe

Score 100/100

SureFeedback Client Site has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 26, 2023 · Updated 3mo ago
Risk Assessment

The projecthuddle-child-site plugin exhibits a mixed security posture. While it demonstrates strong practices in several areas, such as using prepared statements for all SQL queries and a high percentage of properly escaped output, significant concerns remain. The plugin has a notable attack surface with one unprotected REST API route, presenting a clear potential entry point for unauthorized actions. The presence of two taint flows with unsanitized paths, although not currently flagged as critical or high severity, warrants attention as these could be exploited under specific conditions. The vulnerability history, while showing no currently unpatched CVEs, indicates a past medium-severity vulnerability attributed to missing authorization. This pattern, combined with the unprotected REST API, suggests a recurring risk in authorization enforcement.

Key Concerns

  • Unprotected REST API route
  • Taint flows with unsanitized paths
  • Past medium severity vulnerability (Missing Authorization)
Vulnerabilities: 1

SureFeedback Client Site Security Vulnerabilities

CVEs by Year

1 CVE in 2023

Severity Breakdown

Medium: 1

1 total CVE

CVE-2023-51376 · medium · 4.3 · Missing Authorization

ProjectHuddle Client Site <= 1.0.34 - Missing Authorization via ph_child_ajax_notice_handler

Dec 26, 2023 Patched in 1.0.35 (28d)
Code Analysis
Analyzed Mar 16, 2026

SureFeedback Client Site Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (47 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

90% escaped · 52 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
add_cors_headers (ph-child-rest-api.php:89)
Attack Surface: 1 unprotected

SureFeedback Client Site Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

auth wp_ajax_ph_child_dismissed_notice_handler (ph-child-functions.php:92)

REST API Routes: 1

GET /wp-json/surefeedback/v1/pages (ph-child-rest-api.php:25)

WordPress Hooks: 17

action rest_api_init (ph-child-rest-api.php:16)
action rest_api_init (ph-child-rest-api.php:17)
filter rest_pre_serve_request (ph-child-rest-api.php:90)
action admin_notices (ph-child.php:73)
action admin_init (ph-child.php:105)
action admin_menu (ph-child.php:106)
action admin_init (ph-child.php:109)
action wp_footer (ph-child.php:111)
action wp_footer (ph-child.php:115)
action admin_footer (ph-child.php:118)
filter xmlrpc_blog_options (ph-child.php:122)
action admin_init (ph-child.php:125)
filter removable_query_args (ph-child.php:128)
action activated_plugin (ph-child.php:135)
filter gettext (ph-child.php:143)
filter plugin_row_meta (ph-child.php:144)
filter ph_script_should_start_loading (ph-child.php:147)
Maintenance & Trust

SureFeedback Client Site Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 9, 2025
PHP min version: 5.6
Downloads: 174K

Community Trust

Rating: 80/100
Number of ratings: 40
Active installs: 6K
Developer Profile

SureFeedback Client Site Developer Profile

Brainstorm Force

32 plugins · 8.6M total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 194 days
Detection Fingerprints

How We Detect SureFeedback Client Site

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/projecthuddle-child-site/ph-child-style.css
/wp-content/plugins/projecthuddle-child-site/ph-child-script.js

Version Parameters
projecthuddle-child-site/ph-child-style.css?ver=
projecthuddle-child-site/ph-child-script.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- SureFeedback Client Site -->
<!-- SureFeedback -->
<!-- SureFeedback Core Plugin Detected -->

Data Attributes
data-ph-child-id
data-ph-child-signature
data-ph-child-parent-url

JS Globals
PH_Child_Data

REST Endpoints
/wp-json/projecthuddle-child-site/v1/nonce
/wp-json/projecthuddle-child-site/v1/get-site-settings
/wp-json/projecthuddle-child-site/v1/disconnect