Does Site Address Migrator have any unpatched vulnerabilities?

No. All known vulnerabilities in Site Address Migrator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Site Address Migrator compatible with WordPress 5.3.21?

According to WordPress.org data, Site Address Migrator 2.0 has been tested up to WordPress 5.3.21. Check the plugin's changelog for the latest compatibility information.

How often is Site Address Migrator updated?

Site Address Migrator was last updated on Dec 22, 2019. Frequent updates are generally a positive security signal.

What is Site Address Migrator's security score?

Site Address Migrator has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Site Address Migrator Security & Risk Analysis

wordpress.org/plugins/site-address-migrator

Updates urls in pages, posts, comments, descriptions, widgets and options when Site Address (Site URL) is changed.

200 active installs v2.0 PHP + WP 3.0.1+ Updated Dec 22, 2019

changing-site-addresschanging-site-urlsite-addresssiteurlupdate-url

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Site Address Migrator Safe to Use in 2026?

Generally Safe

Score 85/100

Site Address Migrator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "site-address-migrator" v2.0 plugin exhibits a generally strong security posture based on the provided static analysis. A notable absence of entry points like AJAX handlers, REST API routes, and shortcodes significantly limits the plugin's attack surface. Furthermore, the code demonstrates good practice by ensuring all detected outputs are properly escaped, mitigating cross-site scripting risks. The plugin also appears to have a clean vulnerability history with no recorded CVEs, suggesting a history of secure development or effective patching.

However, a critical concern arises from the presence of the `unserialize()` function. This function is inherently risky as it can lead to remote code execution if used with untrusted input. The analysis indicates that while there is a capability check present, there is no explicit mention of nonce checks, which are crucial for preventing cross-site request forgery attacks, especially if any of the (currently unlisted) entry points were to be utilized without proper authentication. The total lack of prepared statements for SQL queries is also a significant weakness, increasing the risk of SQL injection vulnerabilities if the queries handle any user-supplied data.

Key Concerns

Use of unserialize() function
Raw SQL queries without prepared statements
Missing nonce checks

Vulnerabilities

None known

Site Address Migrator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Site Address Migrator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$dat[$x]=serialize(sf_mgr_replace(unserialize($doc[$x]),$ndl,$rpl));siteaddressmigrator.php:87

SQL Query Safety

0% prepared2 total queries

Output Escaping

100% escaped1 total outputs

Attack Surface

Site Address Migrator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menusiteaddressmigrator.php:37

actionadmin_initsiteaddressmigrator.php:38

actionupdate_option_siteurlsiteaddressmigrator.php:39

Maintenance & Trust

Site Address Migrator Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21

Last updatedDec 22, 2019

PHP min version

Downloads6K

Community Trust

Rating60/100

Number of ratings4

Active installs200

Alternatives

Site Address Migrator Alternatives

Go Live Update Urls

go-live-update-urls

100

Change the domain on your site with one click.

80K No CVEs

Search & Replace Everything – Quick and Easy Way to Find and Replace Text, Links

update-urls

100

Quick and Easy way to search all URLS, Content and replace them with new links and content in WordPress website.

20K No CVEs

Developer Profile

Site Address Migrator Developer Profile

MembershipWorks

4 plugins · 4K total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Site Address Migrator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

wrap

Shortcode Output

<div class="wrap"><h1>Site Address Manual Updater</h1><table class="form-table"><tr valign="top"><th scope="row">Old site address</th><td><input type="text" name="sf_mgr[old]" value="" /></td></tr>

FAQ