Does CIDRAM have any unpatched vulnerabilities?

No. All known vulnerabilities in CIDRAM have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CIDRAM compatible with WordPress 6.9.4?

According to WordPress.org data, CIDRAM 4.0.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CIDRAM compatible with PHP 7.2+?

CIDRAM requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CIDRAM updated?

CIDRAM was last updated on Jan 19, 2026. Frequent updates are generally a positive security signal.

What is CIDRAM's security score?

CIDRAM has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CIDRAM Security & Risk Analysis

wordpress.org/plugins/cidram

CIDRAM: A PHP-level CIDR/IP-based firewall solution.

20 active installs v4.0.1 PHP 7.2+ WP 4.8+ Updated Jan 19, 2026

anti-spamcidrfirewallsecuritywaf

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CIDRAM Safe to Use in 2026?

Generally Safe

Score 100/100

CIDRAM has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The 'cidram' plugin v4.0.1 presents a mixed security posture. While the plugin boasts a zero attack surface and a clean vulnerability history with no known CVEs, its static analysis reveals significant underlying concerns. The presence of the 'unserialize' function is a critical red flag, especially when coupled with a concerning output escaping rate of only 1%. Furthermore, taint analysis indicates three flows with unsanitized paths, one of which is of high severity. This suggests that user-supplied data, if processed by these unsanitized flows and subsequently passed through 'unserialize' or improperly escaped output mechanisms, could lead to serious security vulnerabilities such as remote code execution or data leakage.

The lack of any nonce checks, capability checks beyond a single instance, and a very low output escaping rate are substantial weaknesses. These elements, combined with the identified tainted data flows, significantly increase the risk of exploitation. While the plugin has a positive historical record, the current static analysis findings highlight potential risks that need immediate attention. The plugin's strengths lie in its lack of external attack vectors and its clean CVE history, but the internal code quality regarding data sanitization and output handling is a major concern.

Key Concerns

Dangerous function 'unserialize' used
High severity taint flow found
Taint flows with unsanitized paths (3)
Low output escaping rate (1%)
No nonce checks
Minimal capability checks (1)

Vulnerabilities

None known

CIDRAM Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CIDRAM Code Analysis

Dangerous Functions

Raw SQL Queries

22 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

110

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$Data = unserialize($Data) ?: [];vault\events\default.php:142

unserialize$Data = (is_string($Data) && $Data !== '') ? unserialize($Data) : [];vault\Maikuolan\Common\Cache.php:366

unserialize$Arr = unserialize($Entry);vault\Maikuolan\Common\Cache.php:1121

SQL Query Safety

100% prepared22 total queries

Output Escaping

1% escaped79 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

<fixer> (vault\pages\fixer.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

CIDRAM Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actioninitcidram.php:71

actionadmin_menucidram.php:78

Maintenance & Trust

CIDRAM Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedJan 19, 2026

PHP min version7.2

Downloads7K

Community Trust

Rating100/100

Number of ratings12

Active installs20

Alternatives

CIDRAM Alternatives

CloudSecure WP Security

cloudsecure-wp-security

100

管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。

100K No CVEs

Login Security, FireWall, Malware removal by CleanTalk

security-malware-firewall

Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.

30K 5 CVEs

Forget Spam Comment

forget-spam-comment

100

The ultimate solution to stop spam comments in the default commenting system of WordPress

9K No CVEs

Security Ninja – WordPress Security Plugin & Firewall

security-ninja

WordPress security plugin with free basic firewall/WAF, vulnerability scanning, and 50+ core integrity checks.

7K 1 CVE

BotBlocker Security – Firewall & Bot Protection

botblocker-security

100

Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.

2K No CVEs

Developer Profile

CIDRAM Developer Profile

Maikuolan

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CIDRAM

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cidram/asset/admin.min.css/wp-content/plugins/cidram/asset/admin.min.js

Script Paths

/wp-content/plugins/cidram/asset/admin.min.js

Version Parameters

cidram/asset/admin.min.css?ver=cidram/asset/admin.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

cidram-admin-page

HTML Comments

Data Attributes

data-cidram-nonce

FAQ