Does Canto Clients have any unpatched vulnerabilities?

No. All known vulnerabilities in Canto Clients have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Canto Clients compatible with WordPress 3.7.41?

According to WordPress.org data, Canto Clients 1.0 has been tested up to WordPress 3.7.41. Check the plugin's changelog for the latest compatibility information.

How often is Canto Clients updated?

Canto Clients was last updated on Oct 17, 2019. Frequent updates are generally a positive security signal.

What is Canto Clients's security score?

Canto Clients has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Canto Clients Security & Risk Analysis

wordpress.org/plugins/canto-clients

Canto Clients simple and effective client logo shortcode.

10 active installs v1.0 PHP + WP 3.0+ Updated Oct 17, 2019

clientsclients-logocustom-post-typeshortcode

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Canto Clients Safe to Use in 2026?

Generally Safe

Score 85/100

Canto Clients has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago

Risk Assessment

The "canto-clients" v1.0 plugin demonstrates a strong security posture based on the provided static analysis. It exhibits excellent adherence to secure coding practices, with no identified dangerous functions, file operations, or external HTTP requests. Crucially, all SQL queries are prepared, and all output is properly escaped, mitigating common injection and cross-site scripting (XSS) vulnerabilities. The lack of any recorded CVEs or past vulnerabilities further reinforces this positive assessment, suggesting a history of responsible development and maintenance.

However, a significant concern arises from the complete absence of nonces and capability checks. While the current attack surface is small and there are no unprotected entry points detected, this leaves the plugin vulnerable to CSRF (Cross-Site Request Forgery) attacks if any of its functionalities were to be triggered without proper authorization checks. The presence of a shortcode, even without immediate exploitation paths identified, represents a potential entry point that could be further secured. In conclusion, the plugin is technically well-built, but the lack of authentication and authorization checks on its functionalities presents a critical oversight that needs immediate attention to achieve a truly secure state.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

Canto Clients Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Canto Clients Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Canto Clients Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[canto_clients] canto-clients.php:99

WordPress Hooks 3

actioninitcanto-clients.php:20

actionwp_print_stylescanto-clients.php:45

actionwp_print_scriptscanto-clients.php:50

Maintenance & Trust

Canto Clients Maintenance & Trust

Maintenance Signals

WordPress version tested3.7.41

Last updatedOct 17, 2019

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Canto Clients Alternatives

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Posts in Page

posts-in-page

Easily add one or more posts to any page using simple shortcodes.

10K 1 CVE

W4 Post List

w4-post-list

W4 Post List lets you create a list of posts, terms, users or a combined one. Decorate output using shortcodes. It's just easy and fun.

3K 5 CVEs

Coupon Creator

coupon-creator

100

Create coupons to display on your site by using a shortcode.

2K 1 CVE

WebMan Amplifier

webman-amplifier

Amplifies functionality of WP themes. Provides custom post types, shortcodes, metaboxes, icons. Theme developer's best friend!

2K 1 CVE

Developer Profile

Canto Clients Developer Profile

CantoThemes

2 plugins · 20 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Canto Clients

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/canto-clients/css/canto_clients.css/wp-content/plugins/canto-clients/js/jquery.BlackAndWhite.min.js

Script Paths

/wp-content/plugins/canto-clients/js/jquery.BlackAndWhite.min.js

Version Parameters

canto-clients/css/canto_clients.css?ver=jquery.BlackAndWhite.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

canto_clientsblackandwhite

Shortcode Output

<ul class="canto_clients clearfix"><li class="blackandwhite"><img src=

FAQ