Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Security & Risk Analysis

wordpress.org/plugins/sitelets-for-multisite

Easily create, customize & update local pages across all sites in your WordPress Multisite network — ideal for franchises & multi-location SEO

0 active installs · v0.3 · PHP 7.4+ · WP 6.0+ · Updated Aug 8, 2025
Tags: dealer-sites, franchise-websites, multi-network, multisite, sub-site-content
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Safe to Use in 2026?

Generally Safe

Score 100/100

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The "sitelets-for-multisite" plugin version 1.0.0 exhibits several concerning security practices, despite a clean vulnerability history. The most significant risk stems from an unprotected AJAX handler, which presents a direct entry point for potential attackers. While the plugin has a relatively small attack surface, this single unprotected endpoint drastically increases its vulnerability. The presence of the dangerous `unserialize` function, coupled with a raw SQL query that does not utilize prepared statements, raises further alarms. These elements, particularly when combined with potential unsanitized data passed through the AJAX handler, could lead to serious security issues like remote code execution or SQL injection if not handled with extreme caution and proper sanitization.

The plugin's vulnerability history is currently clean, with zero recorded CVEs. This is a positive indicator, suggesting that either the plugin has not been extensively targeted or that its current code has not yet been found to contain exploitable vulnerabilities. However, this lack of historical issues should not be seen as a guarantee of current security. The static analysis has clearly identified potential weaknesses that could be exploited in the future, especially given the unprotected AJAX endpoint. The significant percentage of properly escaped output (81%) is a strength, but it doesn't negate the critical risks identified.

In conclusion, while the plugin benefits from a clean vulnerability record and decent output escaping, its security posture is significantly weakened by an unprotected AJAX handler and the use of dangerous functions like `unserialize` alongside raw SQL queries. These factors combine to create a moderate to high risk profile, demanding immediate attention to secure the AJAX endpoint and sanitize all data before processing, especially before unserialization or database interaction.

Key Concerns

  • Unprotected AJAX handler present
  • Dangerous function used (unserialize)
  • SQL query without prepared statements
  • Taint flow with unsanitized paths
Vulnerabilities
None known

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Code Analysis

  • Dangerous Functions: 2
  • Raw SQL Queries: 1 (0 prepared)
  • Unescaped Output: 27 (113 escaped)
  • Nonce Checks: 13
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 8
  • Bundled Libraries: 0

Dangerous Functions Found

  • unserialize (elementor-sitelets.php:146): `update_post_meta( $post_id, '_elementor_page_assets', unserialize($meta['_elementor_page_assets'][0]`
  • unserialize (elementor-sitelets.php:150): `update_post_meta( $post_id, '_elementor_page_settings', unserialize($meta['_elementor_page_settings'`

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

81% escaped · 140 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

6 flows · 1 with unsanitized paths
license_page (edd-licensing.php:195)
Attack Surface: 1 unprotected

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 2

  • auth wp_ajax_fetch_notifications (admin-menus.php:87)
  • auth wp_ajax_submit_sitelet_feedback (bug-report.php:12)

WordPress Hooks: 72

  • filter post_row_actions (admin-menus.php:27)
  • filter page_row_actions (admin-menus.php:28)
  • action admin_head (admin-menus.php:29)
  • action admin_enqueue_scripts (admin-menus.php:30)
  • filter manage_posts_columns (admin-menus.php:31)
  • action manage_posts_custom_column (admin-menus.php:35)
  • filter manage_pages_columns (admin-menus.php:36)
  • action manage_pages_custom_column (admin-menus.php:37)
  • action quick_edit_custom_box (admin-menus.php:38)
  • action save_post (admin-menus.php:39)
  • action wp_after_insert_post (admin-menus.php:40)
  • action save_post (admin-menus.php:44)
  • action pre_get_posts (admin-menus.php:47)
  • action init (admin-menus.php:53)
  • action pre_get_posts (admin-menus.php:54)
  • action admin_menu (admin-menus.php:55)
  • action wp_dashboard_setup (admin-menus.php:56)
  • filter wpseo_canonical (admin-menus.php:59)
  • action wp_head (admin-menus.php:61)
  • filter bulk_actions-edit-post (admin-menus.php:65)
  • filter bulk_actions-edit-page (admin-menus.php:66)
  • action admin_init (admin-menus.php:69)
  • action admin_init (admin-menus.php:70)
  • action admin_init (admin-menus.php:71)
  • action admin_init (admin-menus.php:72)
  • action admin_notices (admin-menus.php:74)
  • action wp_initialize_site (admin-menus.php:78)
  • action user_register (admin-menus.php:79)
  • action admin_bar_menu (admin-sitelets.php:36)
  • action admin_enqueue_scripts (bug-report.php:11)
  • action init (edd-licensing.php:55)
  • action init (edd-licensing.php:56)
  • action network_admin_menu (edd-licensing.php:57)
  • action admin_init (edd-licensing.php:58)
  • action admin_init (edd-licensing.php:59)
  • action admin_init (edd-licensing.php:60)
  • action admin_init (edd-licensing.php:61)
  • action admin_notices (edd-licensing.php:62)
  • action admin_enqueue_scripts (edd-licensing.php:63)
  • filter register_post_type_args (elementor-sitelets.php:38)
  • action elementor/init (elementor-sitelets.php:41)
  • action elementor/element/after_section_start (elementor-sitelets.php:42)
  • action elementor/elements/elements_registered (elementor-sitelets.php:43)
  • action elementor/widgets/register (elementor-sitelets.php:44)
  • action elementor/controls/register (elementor-sitelets.php:45)
  • action elementor/editor/before_enqueue_scripts (elementor-sitelets.php:47)
  • action elementor/preview/enqueue_scripts (elementor-sitelets.php:48)
  • action elementor/editor/after_enqueue_styles (elementor-sitelets.php:49)
  • action wp_enqueue_scripts (elementor-sitelets.php:53)
  • action admin_menu (global_content.php:17)
  • action admin_enqueue_scripts (global_content.php:18)
  • filter wp_nav_menu_items (global_content.php:21)
  • action wp (global_content.php:26)
  • filter pre_set_site_transient_update_plugins (includes\EDD_SL_Plugin_Updater.php:76)
  • filter plugins_api (includes\EDD_SL_Plugin_Updater.php:77)
  • action after_plugin_row (includes\EDD_SL_Plugin_Updater.php:78)
  • action admin_init (includes\EDD_SL_Plugin_Updater.php:79)
  • action admin_menu (sitelet-media-library.php:106)
  • filter attachment_fields_to_edit (sitelet-media-library.php:107)
  • filter attachment_fields_to_save (sitelet-media-library.php:108)
  • action pre_get_posts (sitelet-media-library.php:109)
  • action posts_results (sitelet-media-library.php:110)
  • filter ajax_query_attachments_args (sitelet-media-library.php:111)
  • filter wp_get_attachment_image_attributes (sitelet-media-library.php:113)
  • action delete_attachment (sitelet-media-library.php:115)
  • action elementor/editor/after_enqueue_scripts (sitelet-media-library.php:117)
  • filter wp_list_table_class_name (sitelet-media-library.php:176)
  • action media_row_actions (sitelet-media-library.php:187)
  • filter gettext (sitelet-media-library.php:189)
  • action admin_footer (sitelet-media-library.php:191)
  • filter map_meta_cap (sitelet-media-library.php:205)
  • filter user_has_cap (sitelet-media-library.php:208)

Maintenance & Trust

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Aug 8, 2025
  • PHP min version: 7.4
  • Downloads: 334

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 0

Developer Profile

Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite Developer Profile

Ralph Massetti

1 plugin · 0 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Sitelets for Multisite – Local Pages & Content Management for WordPress Multisite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/sitelets-for-multisite/assets/css/sitelets-style.css
  • /wp-content/plugins/sitelets-for-multisite/assets/js/sitelets-script.js
  • /wp-content/plugins/sitelets-for-multisite/assets/css/elementor-sitelets.css
  • /wp-content/plugins/sitelets-for-multisite/assets/js/elementor-sitelets.js
  • /wp-content/plugins/sitelets-for-multisite/assets/css/sitelets-admin-style.css
Script Paths
  • /wp-content/plugins/sitelets-for-multisite/assets/js/sitelets-script.js
  • /wp-content/plugins/sitelets-for-multisite/assets/js/elementor-sitelets.js
Version Parameters
  • sitelets-for-multisite/assets/css/sitelets-style.css?ver=
  • sitelets-for-multisite/assets/js/sitelets-script.js?ver=
  • sitelets-for-multisite/assets/css/elementor-sitelets.css?ver=
  • sitelets-for-multisite/assets/js/elementor-sitelets.js?ver=
  • sitelets-for-multisite/assets/css/sitelets-admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • sitelets-admin-dashboard-wrap
  • sitelets-dashboard-content
  • sitelets-custom-column-permissions
  • sitelet-editor-wrapper
  • sitelet-content-control-section
Data Attributes
  • data-sitelet-id
  • data-sitelet-type
  • data-sitelet-original-id
JS Globals
  • sitelets_admin_params
  • SiteletsAdmin
  • SiteletsEditor
REST Endpoints
  • /wp-json/sitelets/v1/content
  • /wp-json/sitelets/v1/settings
Shortcode Output
  • [sitelet_content]
  • [sitelet_link]
  • [sitelet_image]