Does ClassDex have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is ClassDex compatible with WordPress 4.0.38?

According to WordPress.org data, ClassDex 1.2.4 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is ClassDex updated?

ClassDex was last updated on Nov 10, 2014. Frequent updates are generally a positive security signal.

What is ClassDex's security score?

ClassDex has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

ClassDex Security — No Known CVEs

Safety Verdict

Is ClassDex Safe to Use in 2026?

Generally Safe

Score 85/100

ClassDex has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The classdex plugin version 1.2.4 demonstrates a mixed security posture. On the positive side, it exhibits good practices regarding database interactions, with all SQL queries utilizing prepared statements. Furthermore, it implements a substantial number of nonce and capability checks, suggesting an awareness of WordPress security mechanisms. The complete absence of known CVEs and a clean vulnerability history are also significant strengths, indicating a generally well-maintained codebase or a lack of past exploitation.

However, several areas present potential risks. The presence of the `unserialize` function is a critical red flag, as it can lead to Remote Code Execution vulnerabilities if used with untrusted input. While the static analysis did not reveal direct unsanitized paths involving `unserialize` leading to critical or high severity, the function itself remains a dangerous entry point. Additionally, only 32% of output is properly escaped, which could expose the site to Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not consistently handled with appropriate sanitization before being displayed.

Despite the low number of entry points and the absence of direct critical taint flows, the combination of `unserialize` and low output escaping coverage constitutes a notable risk. The vulnerability history, while clean, does not negate the inherent dangers within the code. The plugin's strengths lie in its secure SQL handling and authentication checks, but these are overshadowed by the potential for severe issues stemming from `unserialize` and insufficient output sanitization. Users should exercise caution and consider mitigation strategies for these identified weaknesses.

Key Concerns

Dangerous function unserialize detected
Low percentage of properly escaped output
Bundled outdated library DataTables v1.9.4

Vulnerabilities

None known

ClassDex Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

ClassDex Release Timeline

v1.1.9

v1.1.6

v1.1.5

v1.1.4

v1.1.3

v1.1.2

Code Analysis

Analyzed Mar 17, 2026

ClassDex Code Analysis

Dangerous Functions

1

Raw SQL Queries

0

69 prepared

Unescaped Output

194

91 escaped

Nonce Checks

18

Capability Checks

12

File Operations

7

External Requests

0

Bundled Libraries

1

Dangerous Functions Found

unserialize$serial = unserialize($response);includes\MCAPI.class.php:2464

Bundled Libraries

DataTables1.9.4

SQL Query Safety

100% prepared69 total queries

Output Escaping

32% escaped285 total outputs

Data Flows · Security

7 unsanitized

Data Flow Analysis

17 flows7 with unsanitized paths

<clear_table> (clear_table.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

ClassDex Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[classdex_detail] includes\shortcodes.php:125

[classdex_list] includes\shortcodes.php:182

WordPress Hooks 6

actionadmin_initclassdex.php:166

actionwp_dashboard_setupclassdex.php:184

actionwp_dashboard_setupclassdex.php:199

actionadmin_menuclassdex.php:304

actionadmin_enqueue_scriptsclassdex.php:323

actionwp_enqueue_scriptsclassdex.php:330

Maintenance & Trust

ClassDex Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedNov 10, 2014

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings3

Active installs10

Alternatives

ClassDex Alternatives

Cart66 to Mailchimp

cart66-to-mailchimp

A

85

Send customer emails to a Mailchimp list at the completion of a Cart66 transaction. Customer will receive a confirmation email from Mailchimp.

10 No CVEs

MC4WP: Mailchimp for WordPress

mailchimp-for-wp

A

92

The #1 Mailchimp plugin for WordPress. Allows you to add a multitude of newsletter sign-up methods to your site.

1.0M 11 CVEs

Mailchimp for WooCommerce

mailchimp-for-woocommerce

A

99

Connect your store to your Mailchimp audience to track sales, create targeted emails, send abandoned cart emails, and more.

200K 2 CVEs

Redirection for Contact Form 7

wpcf7-redirect

A

88

Redirect to any page or URL, execute scripts after submission, save data to the database, and unlock additional submission actions for Contact Form 7.

200K 14 CVEs

Mailchimp List Subscribe Form

mailchimp

A

99

Add a Mailchimp signup form block, widget, or shortcode to your WordPress site.

60K 1 CVE

Developer Profile

ClassDex Developer Profile

johndaskovsky

2 plugins · 20 total installs

84

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect ClassDex

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/classdex/css/classdex.css/wp-content/plugins/classdex/css/select2.css/wp-content/plugins/classdex/js/classdex.js/wp-content/plugins/classdex/js/select2.min.js/wp-content/plugins/classdex/js/classdex_admin.js

Script Paths

/wp-content/plugins/classdex/js/classdex.js/wp-content/plugins/classdex/js/select2.min.js/wp-content/plugins/classdex/js/classdex_admin.js

Version Parameters

classdex/css/classdex.css?ver=classdex/css/select2.css?ver=classdex/js/classdex.js?ver=classdex/js/select2.min.js?ver=classdex/js/classdex_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

classdex_search_formclassdex_title_displayclassdex_add_customer_formclassdex_add_class_formclassdex_customer_listclassdex_class_listclassdex_payment_formclassdex_registration_form+2 more

HTML Comments

+5 more

Data Attributes

data-classdex-class-iddata-classdex-customer-iddata-classdex-registration-iddata-classdex-payment-id

JS Globals

classdex_vars

Shortcode Output

[classdex_search][classdex_list][classdex_customers][classdex_register]

FAQ

ClassDex Security & Risk Analysis

Is ClassDex Safe to Use in 2026?

Generally Safe

Key Concerns

ClassDex Security Vulnerabilities

ClassDex Release Timeline

ClassDex Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

ClassDex Attack Surface

Shortcodes 2

ClassDex Maintenance & Trust

Maintenance Signals

Community Trust

ClassDex Alternatives

Cart66 to Mailchimp

MC4WP: Mailchimp for WordPress

Mailchimp for WooCommerce

Redirection for Contact Form 7

Mailchimp List Subscribe Form

ClassDex Developer Profile

How We Detect ClassDex

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about ClassDex