StoragePress Security & Risk Analysis

wordpress.org/plugins/storagepress-self-storage

A plugin designed to let owner's of self-storage businesses list their storage units for rent on their WordPress website.

0 active installs v1.0.1 PHP 7.0+ WP 4.7+ Updated Oct 22, 2025
mini-storageself-storagestoragestorage-businessstorage-unit
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is StoragePress Safe to Use in 2026?

Generally Safe

Score 100/100

StoragePress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8mo ago
Risk Assessment

The storagepress-self-storage plugin exhibits a generally strong security posture, with a notable absence of critical vulnerabilities in its static analysis and historical data. The plugin effectively utilizes prepared statements for SQL queries and boasts a high percentage of properly escaped output, significantly mitigating common attack vectors. The lack of known CVEs and critical taint flows further reinforces this positive assessment. However, a single REST API route that lacks a permission callback presents a potential entry point for unauthorized access or data manipulation. While the total attack surface is small, this unprotected endpoint warrants attention as it bypasses standard WordPress authorization mechanisms. Overall, the plugin demonstrates good security practices, but this single unprotected REST API route introduces a tangible, albeit localized, risk that should be addressed.

Key Concerns

  • Unprotected REST API route
Vulnerabilities
None known

StoragePress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

StoragePress Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

StoragePress Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
109 escaped
Nonce Checks
3
Capability Checks
2
File Operations
2
External Requests
0
Bundled Libraries
0

Output Escaping

95% escaped115 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

1 flows
<storagepress_reservation_inquiries_page> (elements/storagepress_reservation_inquiries_page.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

StoragePress Attack Surface

Entry Points2
Unprotected1

REST API Routes 2

POST/wp-json/storagepress/v1/reserve-unitstoragepress.php:210
GET/wp-json/storagepress/v1/business-detailsstoragepress.php:263
WordPress Hooks 25
actionadmin_initjg_wp_plugin_kit/JGWPPlugin.php:75
actionadmin_enqueue_scriptsjg_wp_plugin_kit/JGWPPlugin.php:78
actionwp_enqueue_scriptsjg_wp_plugin_kit/JGWPPlugin.php:81
filterscript_loader_tagstoragepress.php:87
actionadmin_menustoragepress.php:90
actioninitstoragepress.php:94
actionadmin_menustoragepress.php:95
filterdefault_post_metadatastoragepress.php:96
actioninitstoragepress.php:97
filtermanage_posts_columnsstoragepress.php:105
actionmanage_posts_custom_columnstoragepress.php:106
actionedit_form_after_editorstoragepress.php:109
filterenter_title_herestoragepress.php:110
actionsave_poststoragepress.php:113
filtersingle_templatestoragepress.php:116
filterarchive_templatestoragepress.php:117
actioninitstoragepress.php:120
actioninitstoragepress.php:123
actionrest_api_initstoragepress.php:126
actionrest_api_initstoragepress.php:129
actioninitstoragepress.php:132
actionwp_enqueue_scriptsstoragepress.php:135
actionadmin_menustoragepress.php:138
actionadmin_noticesstoragepress.php:139
actionwp_enqueue_scriptsstoragepress.php:142
Maintenance & Trust

StoragePress Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 22, 2025
PHP min version7.0
Downloads959

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

StoragePress Developer Profile

JG Web Development

4 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect StoragePress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/storagepress-self-storage/jg_wp_plugin_kit/JGWPPlugin.php/wp-content/plugins/storagepress-self-storage/alpine.min.js/wp-content/plugins/storagepress-self-storage/settings.css/wp-content/plugins/storagepress-self-storage/reservation_inquiries.css/wp-content/plugins/storagepress-self-storage/feature_options_field.css/wp-content/plugins/storagepress-self-storage/storage_unit_meta_inputs.css
Script Paths
/wp-content/plugins/storagepress-self-storage/alpine.min.js
Version Parameters
storagepress-self-storage/alpine.min.js?ver=storagepress-self-storage/settings.css?ver=storagepress-self-storage/reservation_inquiries.css?ver=storagepress-self-storage/feature_options_field.css?ver=storagepress-self-storage/storage_unit_meta_inputs.css?ver=

HTML / DOM Fingerprints

CSS Classes
storagepress-settings
HTML Comments
NOTE: there may be an issue with getting 404 errors when registering the storage units post type, a quick fix is to visit the settings->permalinks page, and click save changesNOTE: but I may need a better solution in the future.NOTE: this is actually a more complex feature than I thought, because the quick edit form is created by cloning an element using js on the client side,NOTE: so this leads to displaying incorrect default values in the quick edit form
Data Attributes
data-storagepress-settings
REST Endpoints
/wp-json/storagepress/v1/business-details/wp-json/storagepress/v1/reserve-unit
FAQ

Frequently Asked Questions about StoragePress