WP-Safety

Property Management Software | UnitConnect Security & Risk Analysis

wordpress.org/plugins/property-management-software-unitconnect

A plugin for Commercial Property Managers that allows to easily manage their inventory and availability for lease and/or sale.

10 active installs v1.0.0 PHP + WP 4.5+ Updated Aug 10, 2021
commercial-property-panagementcommercial-real-estateproperty-inventory-and-listingsproperty-managementunitconnect-property-management-software
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Property Management Software | UnitConnect Safe to Use in 2026?

Generally Safe

Score 85/100

Property Management Software | UnitConnect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago
Risk Assessment

The plugin "property-management-software-unitconnect" v1.0.0 demonstrates a mixed security posture. On the positive side, it has no known historical CVEs, indicating a potentially well-maintained or less targeted plugin. The static analysis also reveals a good percentage of SQL queries using prepared statements and a high rate of output escaping, which are strong security practices. However, there are significant concerns regarding its attack surface. A substantial number of AJAX handlers (6 out of 9) lack authentication checks, presenting a clear risk of unauthorized actions being performed if these handlers are reachable by unauthenticated users. Additionally, three taint flows were identified with unsanitized paths, although thankfully, none reached a critical or high severity level in this analysis. The presence of unsanitized paths, even without immediate critical impact, warrants attention as it can lead to chained exploits or become problematic in future versions.

While the lack of historical vulnerabilities is a strength, the significant number of unprotected AJAX endpoints is a notable weakness. The taint analysis, while not showing critical issues, does highlight potential areas for improvement in input sanitization. The bundled dompdf library is a potential area of concern if it's an older version, though the provided data doesn't specify its version or any known vulnerabilities within it. Overall, the plugin has some good security foundations but requires immediate attention to secure its AJAX endpoints and further investigate the unsanitized taint flows to mitigate potential risks.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Limited nonce checks
  • Limited capability checks
Vulnerabilities
None known

Property Management Software | UnitConnect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Property Management Software | UnitConnect Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
4 prepared
Unescaped Output
70
359 escaped
Nonce Checks
2
Capability Checks
2
File Operations
5
External Requests
0
Bundled Libraries
1

Bundled Libraries

dompdf

SQL Query Safety

80% prepared5 total queries

Output Escaping

84% escaped429 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

7 flows3 with unsanitized paths
ucpm_add_custom_import_button (includes\admin\export.php:6)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
6 unprotected

Property Management Software | UnitConnect Attack Surface

Entry Points15
Unprotected6

AJAX Handlers 9

authwp_ajax_ucpm_csv_exportincludes\admin\export.php:208
authwp_ajax_ucpm_pdf_exportincludes\admin\export.php:256
authwp_ajax_ucpm_import_csvincludes\admin\export.php:467
authwp_ajax_ucpm_ajax_archive_listingincludes\admin\metaboxes\functions.php:166
authwp_ajax_ucpm_contact_formincludes\class-ucpm-contact-form.php:24
noprivwp_ajax_ucpm_contact_formincludes\class-ucpm-contact-form.php:25
authwp_ajax_ucpm_orderby_valueincludes\class-ucpm-search.php:20
noprivwp_ajax_ucpm_orderby_valueincludes\class-ucpm-search.php:21
authwp_ajax_mts_dismiss_realestate_noticeincludes\functions-general.php:406

Shortcodes 6

[ucpm_archive_listings] includes\class-ucpm-archive-listings.php:11
[ucpm_contact_form] includes\class-ucpm-contact-form.php:22
[ucpm_map] includes\class-ucpm-map.php:11
[ucpm_search] includes\class-ucpm-search.php:13
[ucpm_property] includes\class-ucpm-shortcodes.php:10
[ucpm_properties] includes\class-ucpm-shortcodes.php:11
WordPress Hooks 99
filtermanage_listing_posts_columnsincludes\admin\class-ucpm-admin-columns.php:53
actionmanage_listing_posts_custom_columnincludes\admin\class-ucpm-admin-columns.php:54
filtermanage_edit-listing_sortable_columnsincludes\admin\class-ucpm-admin-columns.php:57
filterrequestincludes\admin\class-ucpm-admin-columns.php:58
filterrequestincludes\admin\class-ucpm-admin-columns.php:59
filterrequestincludes\admin\class-ucpm-admin-columns.php:60
actionrestrict_manage_postsincludes\admin\class-ucpm-admin-columns.php:63
actionparse_queryincludes\admin\class-ucpm-admin-columns.php:64
actionadmin_enqueue_scriptsincludes\admin\class-ucpm-admin-enqueues.php:32
actioncustomize_controls_print_stylesincludes\admin\class-ucpm-admin-enqueues.php:33
filtermanage_listing-inquiry_posts_columnsincludes\admin\class-ucpm-admin-inquiry-columns.php:32
actionmanage_listing-inquiry_posts_custom_columnincludes\admin\class-ucpm-admin-inquiry-columns.php:33
filtermanage_edit-listing-inquiry_sortable_columnsincludes\admin\class-ucpm-admin-inquiry-columns.php:36
filterrequestincludes\admin\class-ucpm-admin-inquiry-columns.php:37
filterrequestincludes\admin\class-ucpm-admin-inquiry-columns.php:38
filterrequestincludes\admin\class-ucpm-admin-inquiry-columns.php:39
actionrestrict_manage_postsincludes\admin\class-ucpm-admin-inquiry-columns.php:42
actionparse_queryincludes\admin\class-ucpm-admin-inquiry-columns.php:43
actionadmin_menuincludes\admin\class-ucpm-admin-menu.php:26
actionadmin_headincludes\admin\class-ucpm-admin-menu.php:27
actioncmb2_admin_initincludes\admin\class-ucpm-admin-metaboxes.php:19
filtercmb2-taxonomy_meta_boxesincludes\admin\class-ucpm-admin-metaboxes.php:20
actioncmb2_admin_initincludes\admin\class-ucpm-admin-options.php:6
actioncmb2_admin_initincludes\admin\class-ucpm-admin-options.php:559
actioninitincludes\admin\class-ucpm-admin.php:24
filteradmin_body_classincludes\admin\class-ucpm-admin.php:25
actionafter_wp_tiny_mceincludes\admin\class-ucpm-admin.php:26
filtermce_external_pluginsincludes\admin\class-ucpm-admin.php:52
filtermce_buttonsincludes\admin\class-ucpm-admin.php:55
actionadmin_head-edit.phpincludes\admin\export.php:27
filterwpincludes\class-ucpm-archive-listings.php:10
filteris_ucpmincludes\class-ucpm-archive-listings.php:20
actioninitincludes\class-ucpm-contact-form.php:20
actioncmb2_initincludes\class-ucpm-contact-form.php:21
filterwp_mail_content_typeincludes\class-ucpm-contact-form.php:23
actionwpmu_new_blogincludes\class-ucpm-install.php:267
actionadmin_initincludes\class-ucpm-install.php:301
actionadmin_noticesincludes\class-ucpm-install.php:327
filterwpincludes\class-ucpm-map.php:10
actionwp_enqueue_scriptsincludes\class-ucpm-map.php:12
filteris_ucpmincludes\class-ucpm-map.php:43
actioninitincludes\class-ucpm-post-status.php:15
actionadmin_footer-post.phpincludes\class-ucpm-post-status.php:16
actionadmin_footer-edit.phpincludes\class-ucpm-post-status.php:17
filterdisplay_post_statesincludes\class-ucpm-post-status.php:18
actioninitincludes\class-ucpm-post-types.php:30
actionpre_get_postsincludes\class-ucpm-query.php:17
actionwpincludes\class-ucpm-query.php:18
actionwpincludes\class-ucpm-query.php:19
filterquery_varsincludes\class-ucpm-search.php:16
actionpre_get_postsincludes\class-ucpm-search.php:18
filterwpincludes\class-ucpm-shortcodes.php:9
filteris_ucpmincludes\class-ucpm-shortcodes.php:26
filteris_single_ucpmincludes\class-ucpm-shortcodes.php:32
filterpost_classincludes\class-ucpm-shortcodes.php:147
actionwp_enqueue_scriptsincludes\frontend\class-ucpm-enqueues.php:68
actioninitincludes\frontend\class-ucpm-frontend.php:20
actionbody_classincludes\frontend\class-ucpm-frontend.php:21
filtertemplate_includeincludes\frontend\class-ucpm-template-loader.php:15
filterpost_classincludes\frontend\template-hooks.php:6
actionucpm_before_main_contentincludes\frontend\template-hooks.php:12
actionucpm_after_main_contentincludes\frontend\template-hooks.php:13
actionucpm_after_main_contentincludes\frontend\template-hooks.php:18
actionucpm_after_listings_loopincludes\frontend\template-hooks.php:19
actionwp_footerincludes\frontend\template-hooks.php:27
actionucpm_sidebarincludes\frontend\template-hooks.php:33
actionucpm_archive_page_contentincludes\frontend\template-hooks.php:39
actionucpm_archive_page_contentincludes\frontend\template-hooks.php:40
actionucpm_before_listings_loopincludes\frontend\template-hooks.php:42
actionucpm_before_listings_loopincludes\frontend\template-hooks.php:43
actionucpm_after_listings_loopincludes\frontend\template-hooks.php:45
actionucpm_before_listings_loop_item_summaryincludes\frontend\template-hooks.php:51
actionucpm_before_listings_loop_item_wrapperincludes\frontend\template-hooks.php:52
actionucpm_after_listings_loop_item_wrapperincludes\frontend\template-hooks.php:53
actionucpm_listings_loop_itemincludes\frontend\template-hooks.php:55
actionucpm_listings_loop_itemincludes\frontend\template-hooks.php:56
actionucpm_listings_loop_itemincludes\frontend\template-hooks.php:57
actionucpm_single_listing_galleryincludes\frontend\template-hooks.php:63
actionucpm_single_listing_summaryincludes\frontend\template-hooks.php:65
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:67
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:68
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:69
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:70
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:71
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:72
actionucpm_single_listing_contentincludes\frontend\template-hooks.php:73
actionucpm_single_listing_sidebarincludes\frontend\template-hooks.php:75
actionucpm_single_listing_sidebarincludes\frontend\template-hooks.php:76
actionucpm_single_listing_sidebarincludes\frontend\template-hooks.php:77
filterget_the_archive_titleincludes\frontend\template-tags.php:228
actioninitincludes\functions-general.php:169
actionafter_switch_themeincludes\functions-general.php:291
filterthe_contentincludes\functions-general.php:294
actionadmin_noticesincludes\functions-general.php:385
filtercmb2_override__ucpm_listing_agent_meta_saveincludes\functions-listing.php:313
filtercmb2_override__ucpm_listing_agent_meta_saveincludes\functions-listing.php:349
actionwidgets_initincludes\ucpm-widgets.php:13
actioninitucpm.php:93
filterplugin_row_metaucpm.php:94
Maintenance & Trust

Property Management Software | UnitConnect Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13
Last updatedAug 10, 2021
PHP min version
Downloads971

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Property Management Software | UnitConnect Alternatives

OwnerRez

OwnerRez

ownerrez

A
98

The official WordPress plugin for the OwnerRez API.

700 2 CVEs
Apimo Connector

Apimo Connector

apimo

C
56

Are you a real estate agent or broker looking for a way to streamline your business operations? Look no further! Our plugin is here to help.

100 2 unpatched
RentPress for Websites

RentPress for Websites

rentpress-for-websites

A
100

Connects property information to any WordPress site to help market your apartments. Supports data feeds from: RentCafe, Entrata, RealPage, and more.

100 No CVEs
Realty Portal – Floor Plan

Realty Portal – Floor Plan

realty-portal-floor-plan

A
85

Stable tag: 0.3.1 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html An add-on to display detailed information of propert …

60 No CVEs
Realty Portal – Advanced Search

Realty Portal – Advanced Search

realty-portal-advanced-search

A
85

Stable tag: 0.3.3 License: GPLv2 or later License URI: http://www.gnu.org/licenses/gpl-2.0.html An add-on to manage agents and their information rig …

40 No CVEs
Developer Profile

Property Management Software | UnitConnect Developer Profile

UnitConnect

1 plugin · 10 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Property Management Software | UnitConnect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/property-management-software-unitconnect/includes/admin/assets/css/ucpm-admin.css/wp-content/plugins/property-management-software-unitconnect/includes/admin/assets/css/ucpm-admin-rtl.css/wp-content/plugins/property-management-software-unitconnect/includes/admin/assets/js/jquery.geocomplete.min.js/wp-content/plugins/property-management-software-unitconnect/includes/admin/assets/js/ucpm-admin-geocomplete.js/wp-content/plugins/property-management-software-unitconnect/includes/admin/assets/js/ucpm-admin.js/wp-content/plugins/property-management-software-unitconnect/assets/js/ucpm-gm-markers.js
Script Paths
includes/admin/assets/js/ucpm-admin.jsincludes/admin/assets/js/jquery.geocomplete.min.jsincludes/admin/assets/js/ucpm-admin-geocomplete.jsassets/js/ucpm-gm-markers.js
Version Parameters
ucpm-admin.css?ver=ucpm-admin-rtl.css?ver=jquery.geocomplete.min.js?ver=ucpm-admin-geocomplete.js?ver=ucpm-admin.js?ver=ucpm-gm-markers.js?ver=

HTML / DOM Fingerprints

CSS Classes
ucpm-map-container
HTML Comments
<!-- GOOGLE MAPS API KEY NOT FOUND. Please check your Settings -->
Data Attributes
data-post-iddata-centerlatdata-centerlngdata-zoomdata-addressdata-title+2 more
JS Globals
ucpm_map_keyucpm_google_maps_url
Shortcode Output
[ucpm_map
FAQ

Frequently Asked Questions about Property Management Software | UnitConnect