Does Aperture have any unpatched vulnerabilities?

No. All known vulnerabilities in Aperture have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Aperture compatible with WordPress 4.9.29?

According to WordPress.org data, Aperture 1.0.2 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

Is Aperture compatible with PHP 5.3+?

Aperture requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Aperture updated?

Aperture was last updated on Aug 21, 2018. Frequent updates are generally a positive security signal.

What is Aperture's security score?

Aperture has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Aperture Security & Risk Analysis

wordpress.org/plugins/aperture

This plugin adds a Microsub endpoint to your WordPress site by using the hosted Aperture service. This lets you log in to social readers like Monocle …

10 active installs v1.0.2 PHP 5.3+ WP 4.7+ Updated Aug 21, 2018

apertureindiewebmicrosub

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Aperture Safe to Use in 2026?

Generally Safe

Score 85/100

Aperture has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The "aperture" plugin v1.0.2 exhibits a mixed security posture. While it demonstrates good practices by not utilizing dangerous functions, performing all SQL queries with prepared statements, and lacking any recorded vulnerabilities or CVEs, significant concerns arise from its attack surface and output handling. The presence of an unprotected REST API route presents a direct entry point for potential attackers. Furthermore, the complete lack of output escaping means that any data rendered by the plugin could be vulnerable to Cross-Site Scripting (XSS) attacks if it originates from an untrusted source or is manipulated. The taint analysis also indicates two flows with unsanitized paths, though these are not currently classified as critical or high severity. Overall, the plugin's strengths lie in its lack of historical vulnerabilities and its secure database interactions, but the identified risks in its attack surface and output sanitization require immediate attention to prevent potential exploitation.

Key Concerns

REST API route without permission callbacks
No output escaping
Flows with unsanitized paths
No nonce checks on AJAX
No capability checks

Vulnerabilities

None known

Aperture Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Aperture Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

verification (aperture.php:81)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

1 unprotected

Aperture Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

GET/wp-json/aperture/1.0/verificationaperture.php:33

WordPress Hooks 4

actionwp_headaperture.php:20

actionrest_api_initaperture.php:21

actionadmin_noticesaperture.php:24

actionadmin_noticesaperture.php:28

Maintenance & Trust

Aperture Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedAug 21, 2018

PHP min version5.3

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Aperture Alternatives

Yarns Microsub Server

yarns-microsub-server

Using your own WordPress site, aggregate a social timeline of your favourite sites from across the Web and then view and reply to your feeds using a M …

10 No CVEs