Does Breeze Display have any unpatched vulnerabilities?

No. All known vulnerabilities in Breeze Display have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Breeze Display compatible with WordPress 6.8.5?

According to WordPress.org data, Breeze Display 1.2.4 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

How often is Breeze Display updated?

Breeze Display was last updated on Apr 23, 2025. Frequent updates are generally a positive security signal.

What is Breeze Display's security score?

Breeze Display has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Breeze Display Security & Risk Analysis

wordpress.org/plugins/wt-display-breeze

A plugin that brings in your Breeze church management software data (events, full calendar, pledges, donations and contributions) for display on your …

80 active installs v1.2.4 PHP + WP 4.9+ Updated Apr 23, 2025

breezebreeze-donationsbreeze-eventsbreeze-wordpresslivebar

A · Safe

CVEs total1

Unpatched0

Last CVEApr 24, 2025

Plugin page Download

Safety Verdict

Is Breeze Display Safe to Use in 2026?

Generally Safe

Score 99/100

Breeze Display has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Apr 24, 2025Updated 11mo ago

Risk Assessment

The "wt-display-breeze" plugin v1.2.4 presents a mixed security profile. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and has no known unpatched vulnerabilities, indicating a generally well-maintained codebase regarding past issues. The static analysis also shows no direct dangerous functions, file operations, or external HTTP requests, which are common attack vectors.

However, several concerning areas were identified in the static analysis. The plugin exhibits a concerningly low percentage (25%) of properly escaped output, suggesting a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis revealed "flows with unsanitized paths," indicating potential for sensitive data to be exposed or manipulated without proper sanitization, although no critical or high severity issues were flagged in this specific analysis. The absence of nonce checks and capability checks across its entry points (shortcodes) is a significant weakness, allowing unauthenticated or low-privileged users to potentially trigger unintended actions or access restricted data through these shortcodes.

The vulnerability history shows a past medium severity vulnerability related to XSS, reinforcing the concern raised by the low output escaping. While there are no currently unpatched vulnerabilities, the pattern of past XSS issues coupled with the current lack of output escaping and authorization checks on shortcodes suggests an ongoing risk of similar vulnerabilities if not addressed. The plugin's strengths lie in its SQL handling and lack of unpatched CVEs, but its weaknesses in output sanitization and authorization for shortcodes pose a tangible risk to WordPress installations.

Key Concerns

Low output escaping percentage (25%)
Unsanitized paths in taint analysis
No nonce checks on entry points (shortcodes)
No capability checks on entry points (shortcodes)
Past medium XSS vulnerability

Vulnerabilities

Breeze Display Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-3749medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter

Apr 24, 2025 Patched in 1.2.4 (1d)

Code Analysis

Analyzed Mar 16, 2026

Breeze Display Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

134

45 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

25% escaped179 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

wt_breeze_giving_shortcode (includes\shortcodes.php:7)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Breeze Display Attack Surface

Entry Points4

Unprotected0

Shortcodes 4

[wt_breeze_giving] includes\shortcodes.php:5

[wt_breeze_full_cal] includes\shortcodes.php:73

[wt_breeze_campaigns] includes\shortcodes.php:222

[wt_breeze_list] includes\shortcodes.php:410

WordPress Hooks 20

actionadmin_menuincludes\options.php:6

filtermedia_upload_tabsincludes\shortcodes.php:23

actionmedia_upload_wt_breeze_donate_tabincludes\shortcodes.php:31

filtermedia_upload_tabsincludes\shortcodes.php:131

actionmedia_upload_wt_breeze_fullcal_tabincludes\shortcodes.php:139

filtermedia_upload_tabsincludes\shortcodes.php:298

actionmedia_upload_wt_breeze_campaign_tabincludes\shortcodes.php:306

filtermedia_upload_tabsincludes\shortcodes.php:528

actionmedia_upload_wt_breeze_tabincludes\shortcodes.php:536

actionwidgets_initincludes\widgets.php:11

actionwidgets_initincludes\widgets.php:242

actionadmin_initwt-breeze.php:15

actionadmin_initwt-breeze.php:27

actionwp_headwt-breeze.php:120

actionwp_enqueue_scriptswt-breeze.php:167

actionadmin_enqueue_scriptswt-breeze.php:168

actionwp_footerwt-breeze.php:169

actionwp_footerwt-breeze.php:170

actionadmin_footerwt-breeze.php:171

actionadmin_noticeswt-breeze.php:201

Maintenance & Trust

Breeze Display Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedApr 23, 2025

PHP min version

Downloads4K

Community Trust

Rating0/100

Number of ratings0

Active installs80

Alternatives

Breeze Display Alternatives

No alternatives data available yet.

Developer Profile

Breeze Display Developer Profile

Michael

4 plugins · 280 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Breeze Display

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/wt-display-breeze/includes/js/wt-breeze-admin.js/wp-content/plugins/wt-display-breeze/includes/js/wt-breeze-frontend.js/wp-content/plugins/wt-display-breeze/includes/css/wt-breeze-admin.css/wp-content/plugins/wt-display-breeze/includes/css/wt-breeze-frontend.css/wp-content/plugins/wt-display-breeze/includes/css/wt-breeze-widget.css

Script Paths

https://livebar.church/livebar.js

Version Parameters

wt-breeze-admin.js?ver=wt-breeze-frontend.js?ver=wt-breeze-admin.css?ver=wt-breeze-frontend.css?ver=wt-breeze-widget.css?ver=

HTML / DOM Fingerprints

CSS Classes

wt-breeze-calendarwt-breeze-event-listwt-breeze-pledge-formwt-breeze-donation-formwt-breeze-contribution-formlivebar-header

Data Attributes

data-layoutdata-background-colordata-button-colordata-text-colordata-button-text-colordata-button-text+8 more

JS Globals

wt_breeze_admin_varswt_breeze_frontend_vars

Shortcode Output

[wt_breeze_calendar][wt_breeze_event_list][wt_breeze_pledge_form][wt_breeze_donation_form]

FAQ