WP-Safety

Tally Homepage Control Security & Risk Analysis

wordpress.org/plugins/tally-homepage-control

Customize or Edit Home page Content for Tally Themes

10 active installs v1.6 PHP + WP 4.4+ Updated Feb 18, 2016
content-changehome-content-changespagebuildertallythemes
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Tally Homepage Control Safe to Use in 2026?

Generally Safe

Score 85/100

Tally Homepage Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The Tally Homepage Control plugin version 1.6 presents a moderate security risk primarily due to its handling of its single AJAX entry point. While the plugin has no recorded vulnerability history and appears to have a clean record, the static analysis reveals significant security concerns within its codebase. The presence of an AJAX handler without any authentication checks is a major red flag, potentially allowing any unauthenticated user to trigger actions within the plugin. This, combined with the use of the `unserialize` function and a high percentage of SQL queries not utilizing prepared statements, significantly increases the attack surface and the likelihood of code injection or data manipulation vulnerabilities. Although the taint analysis did not identify critical or high severity flows, the underlying patterns of insecure coding practices warrant caution. The plugin shows a strength in its complete output escaping and lack of file operations or external HTTP requests, but these are overshadowed by the critical flaws in its input validation and data handling.

Key Concerns

  • AJAX handler without auth checks
  • Unserialize function used
  • SQL queries without prepared statements
  • Low output escaping percentage
  • No capability checks
Vulnerabilities
None known

Tally Homepage Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Tally Homepage Control Code Analysis

Dangerous Functions
1
Raw SQL Queries
7
0 prepared
Unescaped Output
88
12 escaped
Nonce Checks
4
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$page_import = tallybuilder_import_page_from_array(unserialize( tallybuilder_decode( $_POST['page_imfunctions.php:460

SQL Query Safety

0% prepared7 total queries

Output Escaping

12% escaped100 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

12 flows6 with unsanitized paths
tallybuilder_admin_action_deletePage (functions.php:480)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Tally Homepage Control Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_tallybuilder_section_orderfunctions.php:341
WordPress Hooks 12
actionadmin_menuadmin-pages.php:2
actionwp_headfrontend.php:64
actionadd_meta_boxesmetabox.php:8
actionsave_postmetabox.php:76
actionadd_meta_boxesmetabox.php:85
actionsave_postmetabox.php:135
actioninitpost-type.php:7
filtergettextpost-type.php:80
actionadmin_noticespost-type.php:122
actionadmin_enqueue_scriptsscript-loader.php:12
actionwp_enqueue_scriptsscript-loader.php:27
actioninittally-homepage-control.php:46
Maintenance & Trust

Tally Homepage Control Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34
Last updatedFeb 18, 2016
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Tally Homepage Control Alternatives

WooBuilder

WooBuilder

woobuilder

A
85

WooBuilder lets you take complete control of your product layout, let's you create advanced, professional looking product page layouts.

800 No CVEs
Booster Pack for Divi

Booster Pack for Divi

booster-pack-for-divi

A
85

Adds many more useful widgets to Divi Page Builder

500 No CVEs
WP Munich Blocks – Gutenberg Blocks for WordPress

WP Munich Blocks – Gutenberg Blocks for WordPress

wp-munich-blocks

B
84

Create amazing content with the new WordPress block editor and the WP Munich blocks.

300 1 CVE
Booster Pack for Beaver Builder

Booster Pack for Beaver Builder

booster-beaver

A
85

Booster Pack for Beaver Builder is a collection new and exciting widgets to Beaver Builder Plugin.

100 No CVEs
Page Builder Companion

Page Builder Companion

page-builder-companion

A
100

Page Builder Companion helps you build fascinating full width pages with three different template types. Choose the one you like and enjoy displaying …

100 No CVEs
Developer Profile

Tally Homepage Control Developer Profile

TallyThemes

5 plugins · 130 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Tally Homepage Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/tally-homepage-control/assets/bootstrap/css/bootstrap.min.css/wp-content/plugins/tally-homepage-control/assets/css/animate.css/wp-content/plugins/tally-homepage-control/assets/css/tallybuilder.css/wp-content/plugins/tally-homepage-control/assets/css/tallybuilder-admin.css/wp-content/plugins/tally-homepage-control/assets/js/tallybuilder-admin.js/wp-content/plugins/tally-homepage-control/assets/bootstrap/js/bootstrap.min.js/wp-content/plugins/tally-homepage-control/assets/js/wow.min.js/wp-content/plugins/tally-homepage-control/assets/js/tallybuilder.js
Script Paths
/wp-content/plugins/tally-homepage-control/assets/js/tallybuilder-admin.js/wp-content/plugins/tally-homepage-control/assets/js/tallybuilder.js/wp-content/plugins/tally-homepage-control/assets/bootstrap/js/bootstrap.min.js/wp-content/plugins/tally-homepage-control/assets/js/wow.min.js

HTML / DOM Fingerprints

CSS Classes
tallybuilder-adminbootstrapanimatetallybuilder
Data Attributes
data-tallybuilder-parent-page
FAQ

Frequently Asked Questions about Tally Homepage Control