Clippings Security & Risk Analysis

wordpress.org/plugins/clippings

Enables you to keep track of your clients clippings and generates reports

0 active installs v1.0 PHP 7.0+ WP 4.7+ Updated Apr 23, 2021
agencyclippingscuttingsprreports
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Clippings Safe to Use in 2026?

Generally Safe

Score 85/100

Clippings has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "clippings" v1.0 plugin exhibits a mixed security posture. While it demonstrates good practices by exclusively using prepared statements for SQL queries and having no known past vulnerabilities, several areas raise concerns. The presence of two REST API routes without permission callbacks significantly expands the attack surface and represents a direct vulnerability to unauthorized access and potential manipulation of data exposed through these endpoints. Furthermore, the taint analysis revealing three flows with unsanitized paths, even if not classified as critical or high severity in the static analysis, indicates a potential for path traversal or other file-related vulnerabilities that could be exploited if these paths are user-controlled inputs.

Key Concerns

  • REST API routes without permission callbacks
  • Unsanitized paths in taint analysis
  • Low percentage of properly escaped output
Vulnerabilities
None known

Clippings Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Clippings Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Clippings Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
10 prepared
Unescaped Output
39
29 escaped
Nonce Checks
4
Capability Checks
4
File Operations
22
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

ini_setini_set('log_errors', '0');fpdf/makefont/makefont.php:429

SQL Query Safety

100% prepared10 total queries

Output Escaping

43% escaped68 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths
get_tier_publications (includes/report.php:5)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Clippings Attack Surface

Entry Points3
Unprotected2

REST API Routes 2

GET/wp-json/clippings/v1searchincludes/search-clippings-route.php:6
GET/wp-json/sma/v1searchincludes/search-sma-route.php:6

Shortcodes 1

[add_clippings] includes/shortcode.php:5
WordPress Hooks 37
actionwp_enqueue_scriptsclippings.php:29
actionadmin_enqueue_scriptsclippings.php:50
actionadd_meta_boxes_mcsm_clientsincludes/clients-fields.php:3
actionsave_postincludes/clients-fields.php:43
actioninitincludes/clients.php:3
filtermanage_edit-mcsm_clients_columnsincludes/clients.php:36
filtermanage_mcsm_clients_posts_custom_columnincludes/clients.php:37
actionadmin_head-edit.phpincludes/clients.php:38
filterthe_titleincludes/clients.php:66
actionadmin_initincludes/options-page.php:20
actionadmin_menuincludes/plugin-menu.php:6
actionadd_meta_boxes_mcsm_press_releasesincludes/press-releases-fields.php:3
actionsave_postincludes/press-releases-fields.php:63
actioninitincludes/press-releases.php:3
filtermanage_edit-mcsm_press_releases_columnsincludes/press-releases.php:34
filtermanage_mcsm_press_releases_posts_custom_columnincludes/press-releases.php:35
filteradmin_head-edit.phpincludes/press-releases.php:36
filterthe_titleincludes/press-releases.php:69
actionadd_meta_boxes_mcsm_publicationsincludes/publications-fields.php:3
actionsave_postincludes/publications-fields.php:80
actioninitincludes/publications-tax.php:3
actionadmin_initincludes/publications-tax.php:28
actioninitincludes/publications.php:3
filtermanage_edit-mcsm_publications_columnsincludes/publications.php:34
filtermanage_mcsm_publications_posts_custom_columnincludes/publications.php:35
filteradmin_head-edit.phpincludes/publications.php:36
filterthe_titleincludes/publications.php:74
actioninitincludes/report.php:3
actionrest_api_initincludes/search-clippings-route.php:3
actionrest_api_initincludes/search-sma-route.php:3
actionadd_meta_boxes_mcsm_smincludes/submitted-material-fields.php:3
actionsave_postincludes/submitted-material-fields.php:100
actioninitincludes/submitted-material.php:3
filtermanage_edit-mcsm_sm_columnsincludes/submitted-material.php:36
filtermanage_mcsm_sm_posts_custom_columnincludes/submitted-material.php:37
actionadmin_head-edit.phpincludes/submitted-material.php:38
filterthe_titleincludes/submitted-material.php:76
Maintenance & Trust

Clippings Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15
Last updatedApr 23, 2021
PHP min version7.0
Downloads918

Community Trust

Rating0/100
Number of ratings0
Active installs0
Developer Profile

Clippings Developer Profile

marsagnostics

2 plugins · 0 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Clippings

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/clippings/js/tools-menu.js/wp-content/plugins/clippings/js/sm-menu.js/wp-content/plugins/clippings/js/fields-and-alerts.js/wp-content/plugins/clippings/js/search-clippings.js/wp-content/plugins/clippings/js/search-sma.js/wp-content/plugins/clippings/styles/uni-style.css/wp-content/plugins/clippings/js/plugin-menu.js
Script Paths
/wp-content/plugins/clippings/js/tools-menu.js/wp-content/plugins/clippings/js/sm-menu.js/wp-content/plugins/clippings/js/fields-and-alerts.js/wp-content/plugins/clippings/js/search-clippings.js/wp-content/plugins/clippings/js/search-sma.js/wp-content/plugins/clippings/js/plugin-menu.js

HTML / DOM Fingerprints

CSS Classes
tooltipbtnbtn--orangesuccess-message
HTML Comments
<!--keep from refresh--><!--Ende keep from refresh-->
Data Attributes
id="mcsm_search_clippings"id="mcsm_sm_available"id="clipping-success-message"id="report-success-message"name="randcheck"id="client"
JS Globals
var sm_jsonvar searchClippingsvar searchSma
REST Endpoints
/wp-json/clippings/v1/search/wp-json/sma/v1/search
Shortcode Output
<button class="tooltip btn" id="mcsm_search_clippings">Clippings
FAQ

Frequently Asked Questions about Clippings