Classroom Security & Risk Analysis

wordpress.org/plugins/classroom

Create a digital video based classroom in WordPress. This plugin gives you the ability to publish classes. It's flexible enough to combine with o …

10 active installs · v2.2.7 · PHP + WP 3.7+ · Updated Aug 7, 2019
Tags: classroom, education, school, woocommerce
Score 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Classroom Safe to Use in 2026?

Generally Safe

Score 85/100

Classroom has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 6yr ago
Risk Assessment

The "classroom" plugin version 2.2.7 presents a mixed security posture. On the positive side, the plugin follows good practice for SQL queries: 100% of them use prepared statements. It also has no recorded vulnerabilities in its history, indicating a potentially stable and well-maintained codebase. Furthermore, the absence of file operations and external HTTP requests reduces certain attack vectors.

However, there are significant areas of concern. The static analysis reveals an unprotected AJAX handler, which is a critical entry point for potential attacks if not properly secured. The low percentage of properly escaped output (18%) is a major red flag, suggesting that user-supplied data might be rendered directly into the page, opening the door for Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce checks and capability checks on this AJAX handler further exacerbates the risk. The analysis also identified unsanitized paths in 3 taint flows, although they were not classified as critical or high severity. The bundled Select2 library is also outdated (v3.0.3), which could contain known vulnerabilities.

In conclusion, while the plugin benefits from secure SQL handling and a clean vulnerability history, the presence of an unprotected AJAX endpoint, a significant amount of unescaped output, and an outdated bundled library represent substantial security weaknesses that require immediate attention. The high likelihood of XSS vulnerabilities due to poor output escaping is the most pressing concern.

Key Concerns

  • Unprotected AJAX handler
  • Low output escaping (18%)
  • Missing nonce checks
  • Missing capability checks
  • Unsanitized paths in taint flows
  • Bundled outdated library (Select2 v3.0.3)
Vulnerabilities
None known

Classroom Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Classroom Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 28 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Select2 3.0.3

SQL Query Safety

100% prepared · 1 total query

Output Escaping

18% escaped · 34 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
complete_class (public\class-wp-classroom-public.php:227)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Classroom Attack Surface

Entry Points: 9
Unprotected: 1

AJAX Handlers 1

auth wp_ajax_complete_class includes\class-wp-classroom.php:243

Shortcodes 8

[course_list] public\partials\shortcodes.php:11
[courses] public\partials\shortcodes.php:12
[student_profile] public\partials\shortcodes.php:13
[complete_class] public\partials\shortcodes.php:14
[course_progress] public\partials\shortcodes.php:15
[classroom_login] public\partials\shortcodes.php:16
[course_show] public\partials\shortcodes.php:17
[classroom_breadcrumb] public\partials\shortcodes.php:18
WordPress Hooks 66
action parse_request includes\class-custom-routes.php:65
filter query_vars includes\class-custom-routes.php:66
filter rewrite_rules_array includes\class-custom-routes.php:67
action wp_loaded includes\class-custom-routes.php:68
action woocommerce_product_write_panel_tabs includes\class-woocommerce-purchase.php:27
action woocommerce_product_data_panels includes\class-woocommerce-purchase.php:28
action woocommerce_process_product_meta includes\class-woocommerce-purchase.php:29
filter woocommerce_get_price_html includes\class-woocommerce-purchase.php:31
action woocommerce_before_add_to_cart_button includes\class-woocommerce-purchase.php:32
action woocommerce_add_order_item_meta includes\class-woocommerce-purchase.php:33
filter woocommerce_add_cart_item_data includes\class-woocommerce-purchase.php:34
filter woocommerce_get_cart_item_from_session includes\class-woocommerce-purchase.php:35
filter woocommerce_get_item_data includes\class-woocommerce-purchase.php:36
filter the_content includes\class-woocommerce-purchase.php:37
action woocommerce_order_status_cancelled includes\class-wp-classroom-purchase-handler.php:15
action woocommerce_order_status_completed includes\class-wp-classroom-purchase-handler.php:16
action woocommerce_order_status_processing includes\class-wp-classroom-purchase-handler.php:17
action woocommerce_order_status_processing includes\class-wp-classroom-purchase-handler.php:18
action woocommerce_order_status_refunded includes\class-wp-classroom-purchase-handler.php:19
action woocommerce_order_status_failed includes\class-wp-classroom-purchase-handler.php:22
action woocommerce_order_status_on_hold includes\class-wp-classroom-purchase-handler.php:23
action woocommerce_order_status_pending includes\class-wp-classroom-purchase-handler.php:24
action woocommerce_order_given includes\class-wp-classroom-purchase-handler.php:27
action groups_ws_subscription_expired includes\class-wp-classroom-purchase-handler.php:30
action groups_created_user_group includes\class-wp-classroom-purchase-handler.php:33
action groups_deleted_user_group includes\class-wp-classroom-purchase-handler.php:34
action woocommerce_scheduled_subscription_end_of_prepaid_term includes\class-wp-classroom-purchase-handler.php:50
action plugins_loaded includes\class-wp-classroom.php:162
action init includes\class-wp-classroom.php:174
action init includes\class-wp-classroom.php:187
action init includes\class-wp-classroom.php:188
action admin_enqueue_scripts includes\class-wp-classroom.php:189
action admin_enqueue_scripts includes\class-wp-classroom.php:190
action cmb2_admin_init includes\class-wp-classroom.php:192
action cmb2_admin_init includes\class-wp-classroom.php:193
action admin_init includes\class-wp-classroom.php:195
action admin_menu includes\class-wp-classroom.php:196
action cmb2_admin_init includes\class-wp-classroom.php:198
action cmb2_admin_init includes\class-wp-classroom.php:199
action manage_edit-wp_classroom_columns includes\class-wp-classroom.php:205
action manage_wp_classroom_posts_custom_column includes\class-wp-classroom.php:206
filter manage_edit-wp_classroom_sortable_columns includes\class-wp-classroom.php:207
action wp_enqueue_scripts includes\class-wp-classroom.php:224
action wp_enqueue_scripts includes\class-wp-classroom.php:225
filter single_template includes\class-wp-classroom.php:227
filter get_previous_post_sort includes\class-wp-classroom.php:228
filter get_next_post_sort includes\class-wp-classroom.php:229
filter get_next_post_where includes\class-wp-classroom.php:230
filter get_previous_post_where includes\class-wp-classroom.php:231
filter body_class includes\class-wp-classroom.php:232
action init includes\class-wp-classroom.php:234
action init includes\class-wp-classroom.php:235
action init includes\class-wp-classroom.php:237
action init includes\class-wp-classroom.php:238
filter parse_request includes\class-wp-classroom.php:239
filter template_include includes\class-wp-classroom.php:240
action template_redirect includes\class-wp-classroom.php:244
action course_list includes\class-wp-classroom.php:253
action courses includes\class-wp-classroom.php:254
action student_profile includes\class-wp-classroom.php:255
action complete_class includes\class-wp-classroom.php:256
action course_progress includes\class-wp-classroom.php:257
action classroom_login includes\class-wp-classroom.php:258
filter widget_text includes\class-wp-classroom.php:264
filter list_terms_exclusions includes\class-wp-classroom.php:267
filter the_content public\class-wp-classroom-public.php:97
Maintenance & Trust

Classroom Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.2.24
Last updated: Aug 7, 2019
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Classroom Developer Profile

Greg

3 plugins · 630 total installs

Trust score: 79
Avg Security Score: 78/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Classroom

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/classroom/admin/css/wp-classroom-admin.css
/wp-content/plugins/classroom/admin/js/wp-classroom-admin.js
Version Parameters
wp-classroom-admin.css?ver=
wp-classroom-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
wp-classroom-admin-wrap
wp-classroom-admin-options
HTML Comments
<!-- This function is provided for demonstration purposes only. -->
<!-- An instance of this class should be passed to the run() function -->
<!-- defined in WP_Classroom_Loader as all of the hooks are defined -->
<!-- in that particular class. -->
+3 more
Data Attributes
data-classroom-id
data-classroom-post-type
JS Globals
wp_classroom_admin_params