Aucor core Security & Risk Analysis

wordpress.org/plugins/aucor-core

Core plugin for WordPress projects.

10 active installs v1.1.4 PHP 7.0+ WP 4.7.3+ Updated Oct 7, 2020
aucorcore
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Aucor core Safe to Use in 2026?

Generally Safe

Score 85/100

Aucor core has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The aucor-core plugin v1.1.4 exhibits a generally positive security posture based on the provided static analysis and vulnerability history. The absence of any known CVEs, past or present, is a significant strength, suggesting a history of stable and secure development. Furthermore, the analysis reveals a minimal attack surface, with no AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces potential entry points for attackers. The code also avoids dangerous functions and file operations, and does not make external HTTP requests, further contributing to its secure design.

However, there are some areas that warrant attention. The analysis indicates that 100% of SQL queries are not using prepared statements, which presents a risk of SQL injection vulnerabilities if these queries handle user-supplied data. Additionally, a substantial portion of output (76%) is not properly escaped, leading to a high risk of Cross-Site Scripting (XSS) vulnerabilities. While there are capability checks present, the complete lack of nonce checks on the identified entry points (though there are no identified entry points in this case, this is a general concern for future development) could also be a weakness if any were to be introduced. The bundling of TinyMCE, while a common practice, also introduces a dependency on an external library that could have its own vulnerabilities if not kept up-to-date, though no specific issues are flagged here.

In conclusion, aucor-core v1.1.4 benefits from a clean vulnerability history and a small attack surface. Its primary weaknesses lie in the implementation of its single SQL query and the significant lack of output escaping. Addressing these specific code-level concerns would greatly improve the plugin's security. The absence of identified vulnerabilities to date is commendable, but the observed code quality issues in SQL and output handling mean that proactive measures are still necessary to prevent future security incidents.

Key Concerns

  • SQL queries without prepared statements
  • Insufficient output escaping
Vulnerabilities
None known

Aucor core Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Aucor core Release Timeline

v1.1.4Current
v1.1.3
v1.1.2
v1.1.1
v1.1
v1.0.13
v1.0.12
Code Analysis
Analyzed Mar 16, 2026

Aucor core Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
0 prepared
Unescaped Output
22
7 escaped
Nonce Checks
0
Capability Checks
3
File Operations
0
External Requests
0
Bundled Libraries
1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared1 total queries

Output Escaping

24% escaped29 total outputs
Attack Surface

Aucor core Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 53
filtermedia_view_settingsfeatures\admin\sub_features\class-admin-gallery.php:24
actionadmin_initfeatures\admin\sub_features\class-admin-image-link.php:24
filterlogin_headertextfeatures\admin\sub_features\class-admin-login.php:24
filterlogin_headerurlfeatures\admin\sub_features\class-admin-login.php:25
actionadmin_menufeatures\admin\sub_features\class-admin-menu-cleanup.php:24
actionadmin_headfeatures\admin\sub_features\class-admin-notifications.php:24
filteruser_contactmethodsfeatures\admin\sub_features\class-admin-profile-cleanup.php:25
actionadmin_bar_menufeatures\admin\sub_features\class-admin-remove-customizer.php:24
filtertiny_mce_before_initfeatures\classic-editor\sub_features\class-editor-tinymce.php:24
actionwp_dashboard_setupfeatures\dashboard\sub_features\class-dashboard-cleanup.php:24
actionwp_dashboard_setupfeatures\dashboard\sub_features\class-dashboard-recent-widget.php:24
actionadmin_enqueue_scriptsfeatures\dashboard\sub_features\class-dashboard-recent-widget.php:25
filterthe_contentfeatures\debug\sub_features\class-debug-style-guide.php:24
actionwp_headfeatures\debug\sub_features\class-debug-wireframe.php:24
filterexcerpt_morefeatures\front-end\sub_features\class-front-end-excerpt.php:24
filterexcerpt_lengthfeatures\front-end\sub_features\class-front-end-excerpt.php:25
filternext_posts_link_attributesfeatures\front-end\sub_features\class-front-end-html-fixes.php:24
filterscript_loader_tagfeatures\front-end\sub_features\class-front-end-html-fixes.php:25
actioninitfeatures\localization\sub_features\class-localization-string-translations.php:24
filteracf/settings/show_adminfeatures\plugins\sub_features\class-plugins-acf.php:24
filtergform_tabindexfeatures\plugins\sub_features\class-plugins-gravityforms.php:28
filtergform_init_scripts_footerfeatures\plugins\sub_features\class-plugins-gravityforms.php:33
filterredirection_rolefeatures\plugins\sub_features\class-plugins-redirection.php:24
actionwp_before_admin_bar_renderfeatures\plugins\sub_features\class-plugins-seo.php:24
actionadmin_initfeatures\plugins\sub_features\class-plugins-yoast.php:24
filterwpseo_metabox_priofeatures\plugins\sub_features\class-plugins-yoast.php:25
filterthe_seo_framework_metabox_priorityfeatures\plugins\sub_features\class-plugins-yoast.php:26
filterwpseo_opengraph_image_sizefeatures\plugins\sub_features\class-plugins-yoast.php:27
filterwpseo_twitter_image_sizefeatures\plugins\sub_features\class-plugins-yoast.php:28
filteradmin_email_check_intervalfeatures\security\sub_features\class-security-disable-admin-email-check.php:24
filterthe_generatorfeatures\security\sub_features\class-security-head-cleanup.php:26
filterxmlrpc_enabledfeatures\security\sub_features\class-security-head-cleanup.php:29
filterwp_headersfeatures\security\sub_features\class-security-head-cleanup.php:32
filterxmlrpc_methodsfeatures\security\sub_features\class-security-head-cleanup.php:35
filterthe_authorfeatures\security\sub_features\class-security-hide-users.php:24
filterthe_modified_authorfeatures\security\sub_features\class-security-hide-users.php:25
filterget_the_author_linkfeatures\security\sub_features\class-security-hide-users.php:26
filterrest_endpointsfeatures\security\sub_features\class-security-hide-users.php:27
filtercomment_moderation_recipientsfeatures\security\sub_features\class-security-remove-comment-moderation.php:24
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:24
actionadmin_menufeatures\security\sub_features\class-security-remove-commenting.php:25
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:26
actionadmin_initfeatures\security\sub_features\class-security-remove-commenting.php:27
actionwp_before_admin_bar_renderfeatures\security\sub_features\class-security-remove-commenting.php:28
filtercomments_arrayfeatures\security\sub_features\class-security-remove-commenting.php:30
filtercomments_openfeatures\security\sub_features\class-security-remove-commenting.php:32
filterpings_openfeatures\security\sub_features\class-security-remove-commenting.php:33
filterwp_revisions_to_keepfeatures\speed\sub_features\class-speed-limit-revisions.php:24
actionwp_default_scriptsfeatures\speed\sub_features\class-speed-move-jquery.php:24
actioninitfeatures\speed\sub_features\class-speed-remove-emojis.php:24
actionadd_meta_boxesfeatures\speed\sub_features\class-speed-remove-metabox.php:24
actionplugins_loadedplugin.php:138
actionplugins_loadedplugin.php:143
Maintenance & Trust

Aucor core Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18
Last updatedOct 7, 2020
PHP min version7.0
Downloads5K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Developer Profile

Aucor core Developer Profile

Generaxion

6 plugins · 560 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Aucor core

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/aucor-core/features/admin/css/admin.css/wp-content/plugins/aucor-core/features/classic-editor/css/classic-editor.css/wp-content/plugins/aucor-core/features/dashboard/css/dashboard.css/wp-content/plugins/aucor-core/features/front-end/css/front-end.css/wp-content/plugins/aucor-core/features/speed/css/speed.css/wp-content/plugins/aucor-core/features/debug/css/debug.css/wp-content/plugins/aucor-core/features/admin/js/admin.js/wp-content/plugins/aucor-core/features/front-end/js/front-end.js+1 more
Script Paths
/wp-content/plugins/aucor-core/plugin.php
Version Parameters
aucor-core/style.css?ver=aucor-core/admin/css/admin.css?ver=aucor-core/classic-editor/css/classic-editor.css?ver=aucor-core/dashboard/css/dashboard.css?ver=aucor-core/front-end/css/front-end.css?ver=aucor-core/speed/css/speed.css?ver=aucor-core/debug/css/debug.css?ver=aucor-core/admin/js/admin.js?ver=aucor-core/front-end/js/front-end.js?ver=aucor-core/debug/js/debug.js?ver=

HTML / DOM Fingerprints

CSS Classes
aucor-core-dashboard-recent-widget
Data Attributes
data-aucor-core-debug-style-guide
JS Globals
window.aucorCore
FAQ

Frequently Asked Questions about Aucor core