addfreespace Security & Risk Analysis

wordpress.org/plugins/addfreespace

Adds free-form spaces above and below posts where you can write anything. You can add freespace.

10 active installs · v0.1.3 · PHP + · WP 3.3+ · Updated May 14, 2015
63
C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: May 4, 2026
Safety Verdict

Is addfreespace Safe to Use in 2026?

Use With Caution

Score 63/100

addfreespace has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: May 4, 2026 · Updated 11yr ago
Risk Assessment

The 'addfreespace' plugin v0.1.3 exhibits a seemingly low-risk profile based on the provided static analysis and vulnerability history. The lack of any identified entry points (AJAX handlers, REST API routes, shortcodes, cron events) significantly reduces the potential attack surface. Furthermore, the absence of dangerous functions, SQL queries that bypass prepared statements, file operations, and external HTTP requests is a positive security indicator.

However, a critical concern emerges from the static analysis: none of the 4 identified outputs is escaped. Any data rendered by the plugin could therefore be vulnerable to cross-site scripting (XSS) attacks. While taint analysis found no unsanitized paths, the missing output escaping on all identified outputs is a significant weakness that could be exploited if any user-controlled data is ever rendered.

Given the lack of historical vulnerabilities and the minimal attack surface, the plugin's overall security posture appears strong in many areas. Nevertheless, the universal failure to properly escape output presents a clear and actionable risk that requires immediate attention to prevent potential XSS vulnerabilities. Addressing this issue would significantly bolster the plugin's security.

Key Concerns

  • Improper output escaping on all outputs
Vulnerabilities
1 published

addfreespace Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-6701 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page

May 4, 2026 · Unpatched
Version History

addfreespace Release Timeline

No version history available.
Code Analysis
Analyzed Mar 16, 2026

addfreespace Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 4 total outputs
Attack Surface

addfreespace Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 20
action · admin_menu · addfreespace.php:33
filter · the_content · addfreespace.php:142
filter · the_content · addfreespace.php:143
filter · the_content · addfreespace.php:144
filter · the_content · addfreespace.php:145
filter · the_content · addfreespace.php:146
filter · the_content · addfreespace.php:147
filter · the_content · addfreespace.php:148
filter · the_content · addfreespace.php:149
filter · the_content · addfreespace.php:150
filter · the_content · addfreespace.php:151
filter · the_content · addfreespace.php:152
filter · the_content · addfreespace.php:153
filter · the_content · addfreespace.php:154
filter · the_content · addfreespace.php:155
filter · the_content · addfreespace.php:156
filter · the_content · addfreespace.php:157
filter · the_content · addfreespace.php:158
filter · the_content · addfreespace.php:159
filter · the_content · addfreespace.php:160
Maintenance & Trust

addfreespace Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.2.39
Last updated: May 14, 2015
PHP min version
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

addfreespace Alternatives

No alternatives data available yet.

Developer Profile

addfreespace Developer Profile

土橋一夫 Kazuo Dobashi

3 plugins · 30 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect addfreespace

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/addfreespace/addfreespace.css
Script Paths
/wp-content/plugins/addfreespace/addfreespace_functions.js
/wp-content/plugins/addfreespace/addfreespace_const.js
/wp-content/plugins/addfreespace/jquery.numeric.js

HTML / DOM Fingerprints

CSS Classes
addfreespace_wrap
explain_addfreespace
addfreespace_simple_wrap
btn_submit
addfreespace_ab_wrap
addfreespace_footer
addfreespace_createdby
Data Attributes
id="addfreespace_wrap"
id="disp_mytitle"
id="addfreespace_simple_wrap"
id="addfreespace_ab_wrap"
id="addfreespace_footer"
id="urikomi"
+8 more
JS Globals
ADDFREESPACE_DEBUG