Plugin inspection:

WordPress MU Domain Mapping

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.


  • Puts $_SERVER[‘HTTP_HOST’] into SQL queries without escaping (sunrise.php line 30)
  • Uses functions marked “Do not use, deprecated” to escape SQL ($wpdb->escape())
  • No consistent use of SQL – escaping is sometimes done with $wpdb->prepare(), sometimes with $wpdb->escape(), and sometimes not at all

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • May be vulnerable to SQL injection.

Failure criteria

  • Execution of unprepared SQL statements
  • Failure to use available core functionality

Read more about our failure criteria.