Does Bootstrap have any unpatched vulnerabilities?

No. All known vulnerabilities in Bootstrap have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Bootstrap compatible with WordPress 3.6.1?

According to WordPress.org data, Bootstrap 0.3.1 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Bootstrap updated?

Bootstrap was last updated on May 11, 2013. Frequent updates are generally a positive security signal.

What is Bootstrap's security score?

Bootstrap has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Bootstrap Security & Risk Analysis

wordpress.org/plugins/bootstrap

Easily include Bootstrap library (or just the parts of it you want) in your website.

100 active installs v0.3.1 PHP + WP 3.0+ Updated May 11, 2013

cssstylesheetthemetwitter-bootstrap

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Bootstrap Safe to Use in 2026?

Generally Safe

Score 85/100

Bootstrap has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The plugin 'bootstrap' v0.3.1 exhibits a strong security posture based on the provided static analysis and vulnerability history. The absence of any identified dangerous functions, raw SQL queries, or significant output escaping issues is a positive indicator. The plugin also demonstrates a commendable lack of known vulnerabilities, including critical or high severity ones, and no recent security incidents have been recorded. This suggests a well-maintained and securely coded plugin.

However, there are a few areas that, while not immediately indicating a critical risk, could be improved. The complete absence of nonce checks and capability checks across all identified entry points (even though the attack surface is zero) is noteworthy. While the current analysis shows no unprotected entry points, future development or a change in how the plugin interacts with WordPress core could introduce vulnerabilities if these checks are not implemented as a standard practice. The presence of file operations, though not quantified in terms of risk, warrants attention if the operations are not strictly controlled and validated.

Overall, 'bootstrap' v0.3.1 appears to be a secure plugin with no immediate exploitable vulnerabilities. Its vulnerability history is clean, and the code analysis reveals good practices in areas like SQL querying and output escaping. The primary areas for potential future improvement lie in incorporating standard WordPress security measures like nonce and capability checks as a proactive measure against potential future security risks.

Key Concerns

No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

Bootstrap Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Bootstrap Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

156 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped160 total outputs

Attack Surface

Bootstrap Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_initbootstrap.php:42

actionadmin_menubootstrap.php:43

actionwp_enqueue_scriptsbootstrap.php:45

Maintenance & Trust

Bootstrap Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedMay 11, 2013

PHP min version

Downloads22K

Community Trust

Rating40/100

Number of ratings2

Active installs100

Alternatives

Bootstrap Alternatives

Add Admin CSS

add-admin-css

Easily define additional CSS (inline and/or by URL) to be added to all administration pages.

10K 1 CVE

CSS Theme Override

css-theme-override

Adds a settings panel to the Wordpress admin that allows you to specify css class or id styles and pages/posts to apply them to.

100 No CVEs

Include Parent Theme RTL CSS

include-parent-theme-rtl-css

Allows to include a parent theme RTL stylesheet for a child theme.

10 No CVEs

Theme-Independent Stylesheets

theme-independent-stylesheets

Allows for use of uploaded stylesheets (.css files) to be used alongside any theme

10 No CVEs

Simple Custom CSS and JS

custom-css-js

100

Easily add Custom CSS or JS to your website with an awesome editor.

700K 1 CVE

Developer Profile

Bootstrap Developer Profile

shazdeh

24 plugins · 4K total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Bootstrap

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/bootstrap/lib/bootstrap/less/mixins.less/wp-content/plugins/bootstrap/lib/bootstrap/less/variables.less

Script Paths

/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap.js/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap.min.js/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap-transition.js/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap-alert.js/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap-dropdown.js/wp-content/plugins/bootstrap/lib/bootstrap/js/bootstrap-modal.js+9 more

Version Parameters

bootstrap/style.css?ver=bootstrap-admin.css?ver=bootstrap-admin.js?ver=bootstrap.js?ver=bootstrap.min.js?ver=bootstrap-transition.js?ver=bootstrap-alert.js?ver=bootstrap-dropdown.js?ver=bootstrap-modal.js?ver=bootstrap-tooltip.js?ver=bootstrap-button.js?ver=bootstrap-popover.js?ver=bootstrap-typeahead.js?ver=bootstrap-carousel.js?ver=bootstrap-scrollspy.js?ver=bootstrap-collapse.js?ver=bootstrap-tab.js?ver=bootstrap-affix.js?ver=

HTML / DOM Fingerprints

CSS Classes

checkbox

HTML Comments

JS Globals

bootstrap

FAQ