Does Add Pingbacks have any unpatched vulnerabilities?

No. All known vulnerabilities in Add Pingbacks have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Add Pingbacks compatible with WordPress 7.0?

According to WordPress.org data, Add Pingbacks 1.2.3 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Add Pingbacks compatible with PHP 5.6+?

Add Pingbacks requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Add Pingbacks updated?

Add Pingbacks was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is Add Pingbacks's security score?

Add Pingbacks has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Add Pingbacks Security & Risk Analysis

wordpress.org/plugins/add-pingbacks

Manually add pingbacks to any post, page, or custom post type in WordPress.

10 active installs v1.2.3 PHP 5.6+ WP 5.0+ Updated Mar 5, 2026

commentscustom-post-typeslinkbacksmanual-pingbackspingbacks

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Add Pingbacks Safe to Use in 2026?

Generally Safe

Score 100/100

Add Pingbacks has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 29d ago

Risk Assessment

The 'add-pingbacks' plugin version 1.2.3 demonstrates a generally good security posture with no known historical vulnerabilities and a strong emphasis on prepared statements for SQL queries. The plugin also incorporates nonces and capability checks, which are positive security practices. However, the static analysis reveals a significant concern: one AJAX handler lacks authentication checks, creating an unprotected entry point into the application.

While the absence of critical taint flows, dangerous functions, file operations, and external HTTP requests is reassuring, the unprotected AJAX handler presents a potential avenue for attackers. Without proper authentication, an attacker could potentially trigger this AJAX action, leading to unintended consequences depending on its functionality. The relatively good output escaping (77%) is a positive, but the single unprotected entry point is a clear weakness that needs attention.

In conclusion, the plugin has strengths in its avoidance of common vulnerabilities and its SQL practices. Nevertheless, the presence of an unprotected AJAX handler is a notable security flaw that significantly elevates the risk profile. Addressing this specific vulnerability is crucial to improving the overall security of the plugin.

Key Concerns

Unprotected AJAX handler
13 total outputs, 77% properly escaped

Vulnerabilities

None known

Add Pingbacks Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Add Pingbacks Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

10 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

77% escaped13 total outputs

Attack Surface

1 unprotected

Add Pingbacks Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_get_postsadd-pingbacks.php:138

WordPress Hooks 1

actionadmin_menuadd-pingbacks.php:26

Maintenance & Trust

Add Pingbacks Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 5, 2026

PHP min version5.6

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

Add Pingbacks Alternatives

No Page Comment

no-page-comment

An admin interface to control the default comment and trackback settings on new posts, pages and custom post types.

10K 2 CVEs

Really Simple Disable Comments

really-simple-disable-comments

100

Effortlessly disable all comments and trackback functionality across your entire WordPress site by activating this plugin.

200 No CVEs

Pingback Killer

pingback-killer

Pingback Killer disables all of WordPress' pingback functionality.

100 No CVEs

Remove Pingback-Trackback Comments

remove-pingback-trackback-comments

One step process to remove pingbacks and trackbacks and leave only real user opinions in your posts comments.

100 No CVEs

Comments by Post Type

comments-by-post-type

Separate comments by post type in admin menu.

10 No CVEs

Developer Profile

Add Pingbacks Developer Profile

simonquasar

1 plugin · 10 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Add Pingbacks

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

notice-success

HTML Comments

made simple by <a href="https://www.simonquasar.net" target="_blank">simonquasar</a> since 2014

Data Attributes

name="submit_pingback"name="post_id"name="url"name="author"name="content"id="post-type"+2 more

JS Globals

ajaxurl

FAQ