Pro Missa Security & Risk Analysis

wordpress.org/plugins/promissa

This plugin will give you shortcodes and widgets with the latest masses and events of Pro Missa.

0 active installs v1.4.1 PHP 5.2.4+ WP 5.2.1+ Updated Jul 7, 2022
kerkkerkgebouwenledenadministratiemistijdenvieringen
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Pro Missa Safe to Use in 2026?

Generally Safe

Score 85/100

Pro Missa has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The "promissa" plugin version 1.4.1 presents a mixed security posture. While it demonstrates good practices in handling SQL queries with prepared statements and no recorded vulnerability history, several significant concerns are raised by the static analysis. The presence of unprotected AJAX handlers creates a direct attack vector, as these can be triggered without proper authentication. Furthermore, the high percentage of unsanitized output flows in the taint analysis is a serious red flag, indicating a strong likelihood of cross-site scripting (XSS) vulnerabilities. The plugin also lacks nonce and capability checks, which are fundamental security mechanisms for WordPress plugins, especially when dealing with user-initiated actions or sensitive data.

Despite the absence of known CVEs, the identified code signals and taint analysis results point to inherent security weaknesses that could be exploited. The unprotected entry points and the significant proportion of improperly escaped outputs create a tangible risk of various attacks. The lack of any recorded vulnerabilities in its history might suggest it hasn't been extensively targeted or thoroughly audited, rather than indicating an inherently secure design. Therefore, while the plugin avoids common pitfalls like raw SQL queries, its reliance on unimplemented security checks and the presence of unsanitized data flows warrant caution and remediation.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized output flows
  • Missing nonce checks
  • Missing capability checks
  • Dangerous function (ini_set)
Vulnerabilities
None known

Pro Missa Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Pro Missa Release Timeline

v1.5.1
v1.5.0
v1.4.2
v1.4.1Current
v1.4.0
v1.2.8
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.1
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

Pro Missa Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
1 prepared
Unescaped Output
104
45 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

ini_setini_set('intl.default_locale', 'nl-NL');shortcodes/corona.php:4

SQL Query Safety

100% prepared1 total queries

Output Escaping

30% escaped149 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

6 flows6 with unsanitized paths
promissa_settings_render_list_page (admin/settings.php:4)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Pro Missa Attack Surface

Entry Points7
Unprotected2

AJAX Handlers 2

authwp_ajax_search_sitepromissa.php:165
noprivwp_ajax_search_sitepromissa.php:166

Shortcodes 5

[promissa-calendar] shortcodes/calendar.php:292
[promissa-corona] shortcodes/corona.php:246
[promissa-form] shortcodes/form.php:238
[promissa-intentions] shortcodes/intentions.php:229
[promissa-upcoming-masses] shortcodes/upcoming_mass.php:148
WordPress Hooks 17
actioninitpromissa.php:95
actionwp_footerpromissa.php:96
actionadmin_enqueue_scriptspromissa.php:137
actioninitpromissa.php:169
actionadmin_menupromissa.php:170
actionwidgets_initpromissa.php:171
actionwp_footershortcodes/calendar.php:274
actionwp_enqueue_scriptsshortcodes/calendar.php:275
actionwoocommerce_before_add_to_cart_buttonshortcodes/intentions_from.php:86
filterwoocommerce_add_to_cart_validationshortcodes/intentions_from.php:138
filterwoocommerce_add_cart_item_datashortcodes/intentions_from.php:203
filterwoocommerce_get_item_datashortcodes/intentions_from.php:226
actionwoocommerce_checkout_create_order_line_itemshortcodes/intentions_from.php:260
filterwoocommerce_order_items_meta_get_formattedshortcodes/intentions_from.php:282
filterwoocommerce_order_item_productshortcodes/intentions_from.php:291
actionwoocommerce_email_order_metashortcodes/intentions_from.php:312
actionwoocommerce_order_status_completedshortcodes/intentions_from.php:367
Maintenance & Trust

Pro Missa Maintenance & Trust

Maintenance Signals

WordPress version tested6.1.0
Last updatedJul 7, 2022
PHP min version5.2.4
Downloads4K

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Pro Missa Developer Profile

Kerk en IT

1 plugin · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Pro Missa

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/promissa/js/global.min.js
Script Paths
https://cdnjs.cloudflare.com/ajax/libs/jquery-autocomplete/1.0.7/jquery.auto-complete.min.jshttps://cdnjs.cloudflare.com/ajax/libs/fullcalendar/4.2.0/moment-timezone/main.min.jshttps://cdnjs.cloudflare.com/ajax/libs/fullcalendar/4.2.0/core/main.min.jshttps://cdnjs.cloudflare.com/ajax/libs/fullcalendar/4.2.0/core/locales-all.min.jshttps://cdnjs.cloudflare.com/ajax/libs/fullcalendar/4.2.0/daygrid/main.min.jshttps://cdnjs.cloudflare.com/ajax/libs/fullcalendar/4.2.0/timegrid/main.min.js+2 more
Version Parameters
promissa/js/global.min.js?ver=1.4.0

HTML / DOM Fingerprints

JS Globals
globalProMissaEvents
REST Endpoints
/wp-json/promissa/v1/calendar
Shortcode Output
[promissa_calendar][promissa_agenda]
FAQ

Frequently Asked Questions about Pro Missa