SFR Directory Category Display Security & Risk Analysis

wordpress.org/plugins/sfr-directory-category-display

Automatically displays category descriptions, images, and subcategories for Directorist, Business Directory Plugin, and GeoDirectory.

10 active installs · v5.1.6 · PHP 7.4+ · WP 5.0+ · Updated Jan 18, 2026
Tags: business-directory, category, directorist, geodirectory
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SFR Directory Category Display Safe to Use in 2026?

Generally Safe

Score 100/100

SFR Directory Category Display has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

Based on the provided static analysis and vulnerability history, the sfr-directory-category-display plugin v5.1.6 exhibits a generally strong security posture. The absence of known CVEs, critical or high severity taint flows, and the consistent use of prepared statements for all SQL queries are significant strengths. Furthermore, the high percentage of properly escaped output and the presence of nonce and capability checks on its entry points indicate good development practices for handling user-supplied data and controlling access. The plugin also avoids bundled libraries, which can often be a source of outdated and vulnerable components.

However, a few areas warrant attention. The plugin has four AJAX handlers, and while the analysis states zero are without auth checks, this is a critical area to re-verify. Any undiscovered bypasses or misconfigurations in these checks could expose the plugin to unauthorized actions. The presence of file operations and an external HTTP request, while not explicitly flagged as vulnerable, always introduces a potential attack surface that requires careful scrutiny. The total number of entry points (4 AJAX handlers) is not excessively large, but the lack of shortcodes or cron events means the AJAX handlers are the primary focus for potential vulnerabilities.

In conclusion, the plugin appears to be developed with security in mind, demonstrating good practices in critical areas like SQL handling and output sanitization, and it has a clean vulnerability history. The primary area of vigilance should be the thoroughness of authentication and authorization checks on all its AJAX endpoints to ensure no unintended access or actions can be performed.

Key Concerns

  • AJAX handlers without auth checks (if found)
  • Potential risk from file operations
  • Potential risk from external HTTP requests
Vulnerabilities
None known

SFR Directory Category Display Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

SFR Directory Category Display Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 2 (371 escaped)
Nonce Checks: 16
Capability Checks: 8
File Operations: 2
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

99% escaped · 373 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
directorist_settings_page (includes\admin\class-shared-admin.php:321)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface

SFR Directory Category Display Attack Surface

Entry Points: 4
Unprotected: 0

AJAX Handlers 4

auth · wp_ajax_sfrdcd_load_analytics · sfr-directory-category-display.php:119
auth · wp_ajax_sfrdcd_submit_deactivation_feedback · sfr-directory-category-display.php:120
auth · wp_ajax_sfrdcd_enable_image_setting · sfr-directory-category-display.php:473
nopriv · wp_ajax_sfrdcd_enable_image_setting · sfr-directory-category-display.php:474
WordPress Hooks 63
action · admin_menu · includes\admin\class-shared-admin.php:19
action · admin_init · includes\admin\class-shared-admin.php:21
action · wp_footer · includes\class-sfr-directory-category.php:28
action · wp_footer · includes\class-sfr-directory-category.php:62
action · wp_footer · includes\class-sfr-directory-category.php:68
action · wp_enqueue_scripts · includes\class-sfr-directory-category.php:93
action · wp_footer · includes\components\class-directorist-component.php:21
action · wp_footer · includes\components\class-directorist-component.php:28
action · directorist_before_listing_loop · includes\components\class-directorist-component.php:35
action · directorist_archive_before_loop · includes\components\class-directorist-component.php:36
action · directorist_before_all_listings_loop · includes\components\class-directorist-component.php:37
action · directorist_before_grid_listings_loop · includes\components\class-directorist-component.php:38
filter · directorist_all_listing_content · includes\components\class-directorist-component.php:42
filter · get_the_archive_description · includes\components\class-directorist-component.php:43
action · directorist_before_listing_loop · includes\components\class-directorist-component.php:47
action · directorist_archive_before_loop · includes\components\class-directorist-component.php:49
action · wp_enqueue_scripts · includes\components\class-directorist-component.php:54
action · wp_footer · includes\components\class-directorist-component.php:58
filter · the_content · includes\components\class-sfr-component.php:28
action · wp_enqueue_scripts · includes\components\class-sfr-component.php:31
action · wp_footer · includes\components\class-sfr-component.php:35
action · admin_notices · sfr-directory-category-display.php:43
action · plugins_loaded · sfr-directory-category-display.php:106
action · admin_menu · sfr-directory-category-display.php:115
action · admin_init · sfr-directory-category-display.php:116
action · admin_notices · sfr-directory-category-display.php:117
action · admin_enqueue_scripts · sfr-directory-category-display.php:118
action · wp_footer · sfr-directory-category-display.php:139
action · wp_footer · sfr-directory-category-display.php:149
action · wp_footer · sfr-directory-category-display.php:159
action · wp_footer · sfr-directory-category-display.php:171
action · wp_footer · sfr-directory-category-display.php:194
action · admin_notices · sfr-directory-category-display.php:352
action · wp_footer · sfr-directory-category-display.php:361
action · wp_footer · sfr-directory-category-display.php:372
action · wp_footer · sfr-directory-category-display.php:376
action · wp_enqueue_scripts · sfr-directory-category-display.php:380
action · wp_enqueue_scripts · sfr-directory-category-display.php:381
action · wp_head · sfr-directory-category-display.php:384
action · wp_footer · sfr-directory-category-display.php:388
action · genesis_before_content_sidebar_wrap · sfr-directory-category-display.php:398
action · tha_content_before · sfr-directory-category-display.php:399
action · genesis_before_content_sidebar_wrap · sfr-directory-category-display.php:412
action · tha_content_before · sfr-directory-category-display.php:413
action · wp_head · sfr-directory-category-display.php:1890
action · admin_notices · sfr-directory-category-display.php:2437
action · admin_notices · sfr-directory-category-display.php:2455
action · update_option_sfrdcd_style_type · sfr-directory-category-display.php:2461
action · update_option_sfrdcd_show_image · sfr-directory-category-display.php:2462
action · update_option_sfrdcd_image_position · sfr-directory-category-display.php:2463
action · update_option_sfrdcd_image_alignment · sfr-directory-category-display.php:2464
action · update_option_sfrdcd_custom_image_size · sfr-directory-category-display.php:2465
action · update_option_sfrdcd_color_mode · sfr-directory-category-display.php:2466
action · update_option_sfrdcd_primary_color · sfr-directory-category-display.php:2467
action · update_option_sfrdcd_background_color · sfr-directory-category-display.php:2468
action · update_option_sfrdcd_text_color · sfr-directory-category-display.php:2469
action · update_option_sfrdcd_border_color · sfr-directory-category-display.php:2470
action · update_option_sfrdcd_subcategory_primary_color · sfr-directory-category-display.php:2471
action · update_option_sfrdcd_subcategory_hover_color · sfr-directory-category-display.php:2472
action · update_option_usfrdcd_force_list_view_mobile · sfr-directory-category-display.php:2473
action · update_option_sfrdcd_selected_directory_plugin · sfr-directory-category-display.php:2476
action · update_option_sfrdcd_selected_directory_plugin · sfr-directory-category-display.php:2480
action · admin_notices · sfr-directory-category-display.php:2666
Maintenance & Trust

SFR Directory Category Display Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 18, 2026
PHP min version: 7.4
Downloads: 469

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

SFR Directory Category Display Developer Profile

SupportFromRichard

6 plugins · 70 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SFR Directory Category Display

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sfr-directory-category-display/assets/css/sfr-dcd-frontend.css
  • /wp-content/plugins/sfr-directory-category-display/assets/js/sfr-dcd-frontend.js
  • /wp-content/plugins/sfr-directory-category-display/assets/css/sfr-dcd-admin.css
  • /wp-content/plugins/sfr-directory-category-display/assets/js/sfr-dcd-admin.js
Script Paths
  • /wp-content/plugins/sfr-directory-category-display/assets/js/sfr-dcd-frontend.js
  • /wp-content/plugins/sfr-directory-category-display/assets/js/sfr-dcd-admin.js
Version Parameters
  • sfr-directory-category-display/assets/css/sfr-dcd-frontend.css?ver=
  • sfr-directory-category-display/assets/js/sfr-dcd-frontend.js?ver=
  • sfr-directory-category-display/assets/css/sfr-dcd-admin.css?ver=
  • sfr-directory-category-display/assets/js/sfr-dcd-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • sfr-dcd-category-description
  • sfr-dcd-subcategory-list
  • sfr-dcd-grid-layout
  • sfr-dcd-list-layout
  • sfr-dcd-category-image
  • sfr-dcd-seo-analytics-dashboard
  • sfr-dcd-admin-notice-upgrade
HTML Comments
  • <!-- DCD Debug: initialize_adapter() called -->
  • <!-- DCD Debug: Selected plugin setting:
  • <!-- DCD Debug: Auto-detected plugin:
  • <!-- DCD Debug: Selected directory plugin:
  • (+6 more)
Data Attributes
  • data-plugin-slug="sfr-directory-category-display"
JS Globals
  • window.sfr_dcd_ajax_object
Shortcode Output
  • [sfr_directory_category_display]
  • [sfr-directory-category-display]