Does WP24 Domain Check have any unpatched vulnerabilities?

No. All known vulnerabilities in WP24 Domain Check have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP24 Domain Check compatible with WordPress 6.9.4?

According to WordPress.org data, WP24 Domain Check 1.12.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is WP24 Domain Check compatible with PHP 7.0.0+?

WP24 Domain Check requires PHP 7.0.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP24 Domain Check updated?

WP24 Domain Check was last updated on Jan 11, 2026. Frequent updates are generally a positive security signal.

What is WP24 Domain Check's security score?

WP24 Domain Check has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP24 Domain Check Security & Risk Analysis

wordpress.org/plugins/wp24-domain-check

Check (whois) domain names for availability. Easy integration via shortcode or widget.

5K active installs v1.12.0 PHP 7.0.0+ WP 5.0+ Updated Jan 11, 2026

domaindomain-checkdomain-checkerdomaincheckwhois

A · Safe

CVEs total2

Unpatched0

Last CVEDec 26, 2024

Plugin page Download

Safety Verdict

Is WP24 Domain Check Safe to Use in 2026?

Generally Safe

Score 99/100

WP24 Domain Check has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Dec 26, 2024Updated 2mo ago

Risk Assessment

The wp24-domain-check plugin exhibits a mixed security posture, with several concerning areas that overshadow its positive aspects. While the absence of critical or high-severity vulnerabilities in its history and no reported dangerous functions or file operations are strengths, the static analysis reveals significant weaknesses. A large portion of the plugin's attack surface, specifically 4 out of 5 entry points (AJAX handlers), lacks authentication checks, presenting a substantial risk of unauthorized access or manipulation. Furthermore, the high percentage of unsanitized paths identified in the taint analysis, even without critical severity, suggests potential for unexpected behavior or vulnerabilities if inputs are not properly handled. The plugin's vulnerability history, with two medium-severity Cross-Site Scripting (XSS) vulnerabilities, further highlights concerns with input sanitization and output escaping. Although there are no currently unpatched CVEs, the recurrence of XSS issues indicates a need for more robust and consistent input validation and output encoding practices across the codebase. The low percentage of properly escaped output (26%) directly correlates with the historical XSS findings and represents a significant risk.

Key Concerns

4 unprotected AJAX handlers
Low output escaping percentage (26%)
3 unsanitized taint flows
2 medium CVEs (XSS)
No nonce checks
Only 1 capability check on 5 entry points

Vulnerabilities

WP24 Domain Check Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

1 CVE in 2024

2024

Patched Has unpatched

Severity Breakdown

Medium

2 total CVEs

CVE-2025-24602medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP24 Domain Check <= 1.10.14 - Reflected Cross-Site Scripting

Dec 26, 2024 Patched in 1.10.15 (63d)

WF-e1dcdc7f-ae52-4c76-90db-ea136656bb0b-wp24-domain-checkmedium · 5.5Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

WP24 Domain Check <= 1.6.2 - Cross-Site Scripting

Jan 6, 2021 Patched in 1.6.3 (1112d)

Code Analysis

Analyzed Mar 16, 2026

WP24 Domain Check Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

111

40 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared8 total queries

Output Escaping

26% escaped151 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

5 flows3 with unsanitized paths

prices_links (includes\class-wp24-settings.php:1692)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

WP24 Domain Check Attack Surface

Entry Points5

Unprotected4

AJAX Handlers 4

authwp_ajax_whois_queryincludes\class-wp24-domaincheck.php:33

noprivwp_ajax_whois_queryincludes\class-wp24-domaincheck.php:34

authwp_ajax_add_domain_to_cartincludes\class-wp24-domaincheck.php:38

noprivwp_ajax_add_domain_to_cartincludes\class-wp24-domaincheck.php:39

Shortcodes 1

[wp24_domaincheck] includes\class-wp24-domaincheck.php:28

WordPress Hooks 14

actionwp_enqueue_scriptsincludes\class-wp24-domaincheck.php:29

filterwoocommerce_add_cart_item_dataincludes\class-wp24-domaincheck.php:43

filterwoocommerce_get_item_dataincludes\class-wp24-domaincheck.php:44

actionwoocommerce_checkout_create_order_line_itemincludes\class-wp24-domaincheck.php:45

filterscript_loader_tagincludes\class-wp24-domaincheck.php:213

actionwp_footerincludes\class-wp24-domaincheck.php:365

actionwp_loadedincludes\class-wp24-settings.php:67

actionupgrader_process_completeincludes\class-wp24-settings.php:101

actionadmin_enqueue_scriptsincludes\class-wp24-settings.php:102

actionadmin_initincludes\class-wp24-settings.php:104

actionadmin_menuincludes\class-wp24-settings.php:105

actionwidgets_initincludes\class-wp24-widget.php:79

actionplugins_loadedwp24-domain-check.php:34

actioninitwp24-domain-check.php:41

Maintenance & Trust

WP24 Domain Check Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 11, 2026

PHP min version7.0.0

Downloads119K

Community Trust

Rating86/100

Number of ratings32

Active installs5K

Alternatives

WP24 Domain Check Alternatives

Dominion – Domain Checker for WPBakery

dominion-domain-checker-wpbakery-addon

Dominion Domain Checker is a WordPress plugin which allows you to swiftly check domain name availability from your WordPress site.

90 1 unpatched

WHMCS Domain Checker

whmcs-domain-checker

WordPress plugin that allows you to display the responsive WHMCS Domain Checker in a widget.

60 No CVEs

LJM WHMCS Domain Checker

whmcs-domain-checker-widget

A simple plugin for WordPress that allows you to display the Domain Checker for WHMCS in a nice tidy widget.

20 No CVEs

Powie's WHOIS Domain Check

powies-whois

Check a Domain WHOIS Lookup for availability. Simple insert the [pwhois] shortcode on a page or post

500 1 CVE

CB Domain Checker

cb-domain-checker

You can use the plugin for domain name search on your WordPress website using the shortcode [cb-domain-checker]

50 No CVEs

Developer Profile

WP24 Domain Check Developer Profile

WP24

1 plugin · 5K total installs

trust score

Avg Security Score

99/100

Avg Patch Time

588 days

View full developer profile

Detection Fingerprints

How We Detect WP24 Domain Check

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wp24-domain-check/assets/js/domaincheck.js

Script Paths

/wp-content/plugins/wp24-domain-check/assets/js/domaincheck.js

Version Parameters

wp24-domain-check/style.css?ver=wp24-domain-check/assets/js/domaincheck.js?ver=

HTML / DOM Fingerprints

CSS Classes

wp24-domain-checkwp24dc-wrapper

HTML Comments

+4 more

Data Attributes

data-wp24-domaincheck

JS Globals

wp24_domain_check_params

REST Endpoints

/wp-json/wp24-domain-check/v1/check

Shortcode Output

<div class="wp24-domain-check">

FAQ