Does Active Plugins have any unpatched vulnerabilities?

No. All known vulnerabilities in Active Plugins have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Active Plugins compatible with WordPress 4.6.30?

According to WordPress.org data, Active Plugins 1.7 has been tested up to WordPress 4.6.30. Check the plugin's changelog for the latest compatibility information.

How often is Active Plugins updated?

Active Plugins was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Active Plugins's security score?

Active Plugins has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Active Plugins Security & Risk Analysis

wordpress.org/plugins/active-plugins-on-multisite

Generates a list of plugins that are currently in use

10 active installs v1.7 PHP + WP 4.5.0+ Updated Unknown

mutlisitepluginsutility

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Active Plugins Safe to Use in 2026?

Generally Safe

Score 100/100

Active Plugins has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "active-plugins-on-multisite" plugin v1.7 demonstrates a generally strong security posture based on the provided static analysis. The complete absence of any identified entry points like AJAX handlers, REST API routes, shortcodes, or cron events significantly reduces its potential attack surface. Furthermore, the code's adherence to using prepared statements for all SQL queries is a positive indicator of secure database interaction. The absence of dangerous functions, file operations, and external HTTP requests also contributes to a lower risk profile.

However, a significant concern arises from the output escaping. With 75% of outputs not properly escaped, this plugin presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. While no taint flows were identified in the analysis, the lack of proper escaping on a majority of outputs means that if any user-supplied data were to reach these unescaped output points, an XSS attack would be highly probable. The plugin's vulnerability history is clean, with no known CVEs, which is a positive sign, but this should not overshadow the identified XSS risk.

In conclusion, while the "active-plugins-on-multisite" plugin v1.7 has excellent practices regarding its attack surface and SQL handling, and boasts a clean vulnerability record, the critical deficiency in output escaping presents a substantial risk. Addressing the unescaped outputs should be the immediate priority to mitigate potential XSS vulnerabilities.

Key Concerns

Significant amount of unescaped output

Vulnerabilities

None known

Active Plugins Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Active Plugins Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

25% escaped12 total outputs

Attack Surface

Active Plugins Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actioninitactive-plugins.php:35

actionadmin_noticesactive-plugins.php:46

actionnetwork_admin_menuactive-plugins.php:49

actionadmin_enqueue_scriptsactive-plugins.php:50

Maintenance & Trust

Active Plugins Maintenance & Trust

Maintenance Signals

WordPress version tested4.6.30

Last updatedUnknown

PHP min version

Downloads4K

Community Trust

Rating80/100

Number of ratings3

Active installs10

Alternatives

Active Plugins Alternatives

WP Rollback – Rollback Plugins and Themes

wp-rollback

Rollback (or forward) any WordPress.org plugin, theme, or block like a boss.

300K 2 CVEs

Download Plugin

download-plugin

Download any plugin from your WordPress admin panel's Plugins page by just one click! Now, download themes, users, blog posts, pages, custom post …

50K 5 CVEs

Advanced Automatic Updates

automatic-updater

Adds extra options to WordPress' built-in Automatic Updates feature.

30K No CVEs

Stratum Widgets for Elementor

stratum

20+ Premium widgets for Elementor, including Advanced Slider, Instagram, Google Maps, Advanced Accordion, Post Grid.

30K 6 CVEs

Flipbox – Awesomes Flip Boxes Image Overlay

image-hover-effects-ultimate-visual-composer

Showcase team members or any list with Flipbox - Awesome Flip Boxes Image Overlay. A clean, responsive, and professional way to display your team.

10K 1 CVE

Developer Profile

Active Plugins Developer Profile

Kailey (trepmal)

12 plugins · 2K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Active Plugins

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

show-pluginhide-if-no-jsshow-empty

Data Attributes

checked

FAQ