Does Biscotti have any unpatched vulnerabilities?

No. All known vulnerabilities in Biscotti have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Biscotti compatible with WordPress 6.5.8?

According to WordPress.org data, Biscotti 2.1.0 has been tested up to WordPress 6.5.8. Check the plugin's changelog for the latest compatibility information.

Is Biscotti compatible with PHP 8.0+?

Biscotti requires PHP 8.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Biscotti updated?

Biscotti was last updated on May 1, 2024. Frequent updates are generally a positive security signal.

What is Biscotti's security score?

Biscotti has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Biscotti Security & Risk Analysis

wordpress.org/plugins/biscotti

Biscotti makes your user's login cookie a little bit longer.

20 active installs v2.1.0 PHP 8.0+ WP 6.0+ Updated May 1, 2024

cookiesloginprofile

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Biscotti Safe to Use in 2026?

Generally Safe

Score 92/100

Biscotti has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the "biscotti" v2.1.0 plugin demonstrates a strong security posture. The absence of any identified attack surface entry points, dangerous functions, raw SQL queries, file operations, or external HTTP requests is highly commendable and indicates excellent secure coding practices. Furthermore, the fact that all identified outputs are properly escaped and that there are no recorded vulnerabilities or CVEs in its history further reinforces this positive assessment.

However, the lack of nonce checks and the single capability check, while not immediately indicating a vulnerability in this specific version given the zero attack surface, could be areas for future attention should the plugin evolve. The absence of taint analysis results is also notable; while it suggests no critical or high-severity issues were found, it's generally beneficial to have this analysis performed to confirm the absence of complex vulnerabilities. Overall, the plugin appears very secure, with its strengths lying in its minimal attack surface and robust input/output handling. The primary "weakness" is the lack of comprehensive security checks like nonces, though its current limited scope makes this less of an immediate concern.

Vulnerabilities

None known

Biscotti Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Biscotti Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

5 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped5 total outputs

Attack Surface

Biscotti Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionshow_user_profilebiscotti.php:120

actionedit_user_profilebiscotti.php:121

actionpersonal_options_updatebiscotti.php:133

actionedit_user_profile_updatebiscotti.php:134

filterauth_cookie_expirationbiscotti.php:162

Maintenance & Trust

Biscotti Maintenance & Trust

Maintenance Signals

WordPress version tested6.5.8

Last updatedMay 1, 2024

PHP min version8.0

Downloads1K

Community Trust

Rating100/100

Number of ratings1

Active installs20

Alternatives

Biscotti Alternatives

Login Logout Menu

100

Login Logout Menu is a handy plugin which allows you to add login, logout, register and profile menu items in your selected menu.

20K 1 CVE

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP

userswp

Light weight Front-end login form, User Registration, User Profile and Members Directory plugin.

20K 14 CVEs

Pie Register – User Registration, Profiles & Content Restriction

pie-register

Create customized registration forms, Invite through email, Email Notification, User Roles assignment, and more. Pie Register is a User Registration p …

2K 1 unpatched

JSON API User

json-api-user

Extends the JSON API Plugin to allow RESTful user registration, authentication & many other User Meta, BP functions. A Pro version is also available.

1K 1 CVE

Admin Tweaks

many-tips-together

100

Customize various aspects of WordPress backend. Create a clean and easier admin area for the users.

1K No CVEs

Developer Profile

Biscotti Developer Profile

Jason Cosper

1 plugin · 20 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Biscotti

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

biscotti_login_cookie_expiration

Data Attributes

name="biscotti_login_cookie_expiration"id="biscotti_login_cookie_expiration"

FAQ