WP-Safety

Sitelets – Multisite Local Website Manager Security & Risk Analysis

wordpress.org/plugins/sitelets-for-multisite

Manage and scale multi-location website networks in WordPress Multisite with centralized brand control and enterprise-level publishing.

0 active installs v1.0.0 PHP 7.2+ WP 6.0+ Updated Apr 6, 2026
franchise-websiteslocation-pagesmulti-location-websitesmultisitewordpress-multisite
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Sitelets – Multisite Local Website Manager Safe to Use in 2026?

Generally Safe

Score 100/100

Sitelets – Multisite Local Website Manager has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "sitelets-for-multisite" plugin version 1.0.0 exhibits several concerning security practices, despite a clean vulnerability history. The most significant risk stems from an unprotected AJAX handler, which presents a direct entry point for potential attackers. While the plugin has a relatively small attack surface, this single unprotected endpoint drastically increases its vulnerability. The presence of the dangerous `unserialize` function, coupled with a raw SQL query that does not utilize prepared statements, raises further alarms. These elements, particularly when combined with potential unsanitized data passed through the AJAX handler, could lead to serious security issues like remote code execution or SQL injection if not handled with extreme caution and proper sanitization.

The plugin's vulnerability history is currently clean, with zero recorded CVEs. This is a positive indicator, suggesting that either the plugin has not been extensively targeted or that its current code has not yet been found to contain exploitable vulnerabilities. However, this lack of historical issues should not be seen as a guarantee of current security. The static analysis has clearly identified potential weaknesses that could be exploited in the future, especially given the unprotected AJAX endpoint. The significant percentage of properly escaped output (81%) is a strength, but it doesn't negate the critical risks identified.

In conclusion, while the plugin benefits from a clean vulnerability record and decent output escaping, its security posture is significantly weakened by an unprotected AJAX handler and the use of dangerous functions like `unserialize` alongside raw SQL queries. These factors combine to create a moderate to high risk profile, demanding immediate attention to secure the AJAX endpoint and sanitize all data before processing, especially before unserialization or database interaction.

Key Concerns

  • Unprotected AJAX handler present
  • Dangerous function used (unserialize)
  • SQL query without prepared statements
  • Taint flow with unsanitized paths
Vulnerabilities
None known

Sitelets – Multisite Local Website Manager Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Sitelets – Multisite Local Website Manager Release Timeline

v1.0.0Current
v0.3
v0.2
Code Analysis
Analyzed Mar 17, 2026

Sitelets – Multisite Local Website Manager Code Analysis

Dangerous Functions
2
Raw SQL Queries
1
0 prepared
Unescaped Output
27
113 escaped
Nonce Checks
13
Capability Checks
5
File Operations
0
External Requests
8
Bundled Libraries
0

Dangerous Functions Found

unserializeupdate_post_meta( $post_id, '_elementor_page_assets', unserialize($meta['_elementor_page_assets'][0]elementor-sitelets.php:146
unserializeupdate_post_meta( $post_id, '_elementor_page_settings', unserialize($meta['_elementor_page_settings'elementor-sitelets.php:150

SQL Query Safety

0% prepared1 total queries

Output Escaping

81% escaped140 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths
license_page (edd-licensing.php:195)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Sitelets – Multisite Local Website Manager Attack Surface

Entry Points2
Unprotected1

AJAX Handlers 2

authwp_ajax_fetch_notificationsadmin-menus.php:87
authwp_ajax_submit_sitelet_feedbackbug-report.php:12
WordPress Hooks 72
filterpost_row_actionsadmin-menus.php:27
filterpage_row_actionsadmin-menus.php:28
actionadmin_headadmin-menus.php:29
actionadmin_enqueue_scriptsadmin-menus.php:30
filtermanage_posts_columnsadmin-menus.php:31
actionmanage_posts_custom_columnadmin-menus.php:35
filtermanage_pages_columnsadmin-menus.php:36
actionmanage_pages_custom_columnadmin-menus.php:37
actionquick_edit_custom_boxadmin-menus.php:38
actionsave_postadmin-menus.php:39
actionwp_after_insert_postadmin-menus.php:40
actionsave_postadmin-menus.php:44
actionpre_get_postsadmin-menus.php:47
actioninitadmin-menus.php:53
actionpre_get_postsadmin-menus.php:54
actionadmin_menuadmin-menus.php:55
actionwp_dashboard_setupadmin-menus.php:56
filterwpseo_canonicaladmin-menus.php:59
actionwp_headadmin-menus.php:61
filterbulk_actions-edit-postadmin-menus.php:65
filterbulk_actions-edit-pageadmin-menus.php:66
actionadmin_initadmin-menus.php:69
actionadmin_initadmin-menus.php:70
actionadmin_initadmin-menus.php:71
actionadmin_initadmin-menus.php:72
actionadmin_noticesadmin-menus.php:74
actionwp_initialize_siteadmin-menus.php:78
actionuser_registeradmin-menus.php:79
actionadmin_bar_menuadmin-sitelets.php:36
actionadmin_enqueue_scriptsbug-report.php:11
actioninitedd-licensing.php:55
actioninitedd-licensing.php:56
actionnetwork_admin_menuedd-licensing.php:57
actionadmin_initedd-licensing.php:58
actionadmin_initedd-licensing.php:59
actionadmin_initedd-licensing.php:60
actionadmin_initedd-licensing.php:61
actionadmin_noticesedd-licensing.php:62
actionadmin_enqueue_scriptsedd-licensing.php:63
filterregister_post_type_argselementor-sitelets.php:38
actionelementor/initelementor-sitelets.php:41
actionelementor/element/after_section_startelementor-sitelets.php:42
actionelementor/elements/elements_registeredelementor-sitelets.php:43
actionelementor/widgets/registerelementor-sitelets.php:44
actionelementor/controls/registerelementor-sitelets.php:45
actionelementor/editor/before_enqueue_scriptselementor-sitelets.php:47
actionelementor/preview/enqueue_scriptselementor-sitelets.php:48
actionelementor/editor/after_enqueue_styleselementor-sitelets.php:49
actionwp_enqueue_scriptselementor-sitelets.php:53
actionadmin_menuglobal_content.php:17
actionadmin_enqueue_scriptsglobal_content.php:18
filterwp_nav_menu_itemsglobal_content.php:21
actionwpglobal_content.php:26
filterpre_set_site_transient_update_pluginsincludes\EDD_SL_Plugin_Updater.php:76
filterplugins_apiincludes\EDD_SL_Plugin_Updater.php:77
actionafter_plugin_rowincludes\EDD_SL_Plugin_Updater.php:78
actionadmin_initincludes\EDD_SL_Plugin_Updater.php:79
actionadmin_menusitelet-media-library.php:106
filterattachment_fields_to_editsitelet-media-library.php:107
filterattachment_fields_to_savesitelet-media-library.php:108
actionpre_get_postssitelet-media-library.php:109
actionposts_resultssitelet-media-library.php:110
filterajax_query_attachments_argssitelet-media-library.php:111
filterwp_get_attachment_image_attributessitelet-media-library.php:113
actiondelete_attachmentsitelet-media-library.php:115
actionelementor/editor/after_enqueue_scriptssitelet-media-library.php:117
filterwp_list_table_class_namesitelet-media-library.php:176
actionmedia_row_actionssitelet-media-library.php:187
filtergettextsitelet-media-library.php:189
actionadmin_footersitelet-media-library.php:191
filtermap_meta_capsitelet-media-library.php:205
filteruser_has_capsitelet-media-library.php:208
Maintenance & Trust

Sitelets – Multisite Local Website Manager Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 6, 2026
PHP min version7.2
Downloads460

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

Sitelets – Multisite Local Website Manager Alternatives

Ultimate Multisite – WordPress Multisite SaaS & WaaS Platform

Ultimate Multisite – WordPress Multisite SaaS & WaaS Platform

ultimate-multisite

A
100

Ultimate Multisite turns your WordPress network into a WaaS platform with subscriptions, site provisioning, and domain mapping.

20 No CVEs
Multisite Logout Users

Multisite Logout Users

multisite-logout-all-users

A
85

Requires Wordpress Multisite Installation Stable Tag: 1.0 License: GPLv3 License URI: http://www.gnu.org/licenses/gpl-3.0.html

0 No CVEs
Multisite Media Manager

Multisite Media Manager

multisite-media-manager

A
85

Organize Media with ease across all the child websites.

0 No CVEs
Code Snippets

Code Snippets

code-snippets

A
89

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs
User Switching

User Switching

user-switching

A
100

Instant switching between user accounts in WordPress and WooCommerce.

200K No CVEs
Developer Profile

Sitelets – Multisite Local Website Manager Developer Profile

@SaaSy

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Sitelets – Multisite Local Website Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sitelets-for-multisite/assets/css/sitelets-style.css/wp-content/plugins/sitelets-for-multisite/assets/js/sitelets-script.js/wp-content/plugins/sitelets-for-multisite/assets/css/elementor-sitelets.css/wp-content/plugins/sitelets-for-multisite/assets/js/elementor-sitelets.js/wp-content/plugins/sitelets-for-multisite/assets/css/sitelets-admin-style.css
Script Paths
/wp-content/plugins/sitelets-for-multisite/assets/js/sitelets-script.js/wp-content/plugins/sitelets-for-multisite/assets/js/elementor-sitelets.js
Version Parameters
sitelets-for-multisite/assets/css/sitelets-style.css?ver=sitelets-for-multisite/assets/js/sitelets-script.js?ver=sitelets-for-multisite/assets/css/elementor-sitelets.css?ver=sitelets-for-multisite/assets/js/elementor-sitelets.js?ver=sitelets-for-multisite/assets/css/sitelets-admin-style.css?ver=

HTML / DOM Fingerprints

CSS Classes
sitelets-admin-dashboard-wrapsitelets-dashboard-contentsitelets-custom-column-permissionssitelet-editor-wrappersitelet-content-control-section
Data Attributes
data-sitelet-iddata-sitelet-typedata-sitelet-original-id
JS Globals
sitelets_admin_paramsSiteletsAdminSiteletsEditor
REST Endpoints
/wp-json/sitelets/v1/content/wp-json/sitelets/v1/settings
Shortcode Output
[sitelet_content][sitelet_link][sitelet_image]
FAQ

Frequently Asked Questions about Sitelets – Multisite Local Website Manager