Does CloudSecure WP Security have any unpatched vulnerabilities?

No. All known vulnerabilities in CloudSecure WP Security have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CloudSecure WP Security compatible with WordPress 6.9.4?

According to WordPress.org data, CloudSecure WP Security 1.4.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CloudSecure WP Security compatible with PHP 7.1+?

CloudSecure WP Security requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CloudSecure WP Security updated?

CloudSecure WP Security was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is CloudSecure WP Security's security score?

CloudSecure WP Security has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CloudSecure WP Security Security & Risk Analysis

wordpress.org/plugins/cloudsecure-wp-security

管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。

100K active installs v1.4.5 PHP 7.1+ WP 5.3.15+ Updated Mar 13, 2026

anti-spambrute-forcelogin-locksecuritywaf

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CloudSecure WP Security Safe to Use in 2026?

Generally Safe

Score 100/100

CloudSecure WP Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 21d ago

Risk Assessment

The cloudsecure-wp-security plugin v1.4.5 presents a mixed security posture. On the positive side, it demonstrates strong practices in output escaping, with nearly all outputs being properly handled. The vast majority of SQL queries also utilize prepared statements, and a reasonable number of nonce and capability checks are present. However, there are significant areas of concern. The plugin exposes four AJAX handlers, all of which lack authentication checks, creating a substantial attack surface for unauthorized actions. Furthermore, the presence of the `unserialize` function, even if only used twice, carries inherent risks if not carefully managed with input validation, especially when dealing with potentially untrusted data. The taint analysis also revealed one high-severity flow with unsanitized paths, indicating a potential for malicious input to be used in a dangerous way, despite the overall low number of analyzed flows. The plugin's vulnerability history is clean, which is a positive sign of generally good development, but it does not negate the immediate risks identified in the static and taint analysis.

Key Concerns

AJAX handlers without authentication checks
Use of unserialize function
High severity taint flow with unsanitized paths

Vulnerabilities

None known

CloudSecure WP Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CloudSecure WP Security Code Analysis

Dangerous Functions

Raw SQL Queries

80 prepared

Unescaped Output

485 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$post_content = unserialize( $result->post_content, [ 'allowed_classes' => false ] );modules\waf-engine.php:944

unserialize$cptui_data = unserialize( $cptui_data, [ 'allowed_classes' => false ] );modules\waf-engine.php:971

SQL Query Safety

85% prepared94 total queries

Output Escaping

99% escaped488 total outputs

Data Flows

6 unsanitized

Data Flow Analysis

11 flows6 with unsanitized paths

check_captcha (modules\captcha.php:280)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

4 unprotected

CloudSecure WP Security Attack Surface

Entry Points4

Unprotected4

AJAX Handlers 4

authwp_ajax_cloudsecurewp_generate_keymodules\cloudsecure-wp.php:264

authwp_ajax_cloudsecurewp_generate_key_and_send_emailmodules\cloudsecure-wp.php:265

authwp_ajax_cloudsecurewp_verify_auth_codemodules\cloudsecure-wp.php:266

authwp_ajax_cloudsecurewp_generate_recovery_codesmodules\cloudsecure-wp.php:267

WordPress Hooks 46

actionplugins_loadedmodules\cloudsecure-wp.php:136

filterwp_php_error_argsmodules\cloudsecure-wp.php:140

actionplugins_loadedmodules\cloudsecure-wp.php:144

actionwp_loginmodules\cloudsecure-wp.php:147

actionwp_loginmodules\cloudsecure-wp.php:148

actionxmlrpc_callmodules\cloudsecure-wp.php:149

actionwp_login_failedmodules\cloudsecure-wp.php:150

actionwp_loginmodules\cloudsecure-wp.php:153

filtershake_error_codesmodules\cloudsecure-wp.php:157

filterauthenticatemodules\cloudsecure-wp.php:158

actionwp_login_failedmodules\cloudsecure-wp.php:159

actionplugins_loadedmodules\cloudsecure-wp.php:165

filterlogin_initmodules\cloudsecure-wp.php:166

filtersite_urlmodules\cloudsecure-wp.php:167

filternetwork_site_urlmodules\cloudsecure-wp.php:168

filterregistermodules\cloudsecure-wp.php:169

filterwp_redirectmodules\cloudsecure-wp.php:170

filterauth_redirect_schememodules\cloudsecure-wp.php:171

actionadmin_noticesmodules\cloudsecure-wp.php:174

filterlogin_errorsmodules\cloudsecure-wp.php:184

actionwp_loginmodules\cloudsecure-wp.php:189

actionadmin_noticesmodules\cloudsecure-wp.php:192

actionadmin_noticesmodules\cloudsecure-wp.php:204

filterxmlrpc_methodsmodules\cloudsecure-wp.php:207

actionadmin_noticesmodules\cloudsecure-wp.php:213

actioninitmodules\cloudsecure-wp.php:224

filterrest_pre_dispatchmodules\cloudsecure-wp.php:228

filtershake_error_codesmodules\cloudsecure-wp.php:237

filterlogin_formmodules\cloudsecure-wp.php:240

actionwp_authenticate_usermodules\cloudsecure-wp.php:241

actioncomment_form_logged_in_aftermodules\cloudsecure-wp.php:245

actioncomment_form_after_fieldsmodules\cloudsecure-wp.php:246

filterpreprocess_commentmodules\cloudsecure-wp.php:247

actionwp_footermodules\cloudsecure-wp.php:248

filterlostpassword_formmodules\cloudsecure-wp.php:252

filterallow_password_resetmodules\cloudsecure-wp.php:253

actionregister_formmodules\cloudsecure-wp.php:257

actionregister_postmodules\cloudsecure-wp.php:258

filtersanitize_usermodules\cloudsecure-wp.php:271

filterauthenticatemodules\cloudsecure-wp.php:272

filterauthenticatemodules\cloudsecure-wp.php:273

filterauthenticatemodules\cloudsecure-wp.php:274

actionwp_loginmodules\cloudsecure-wp.php:275

filtermanage_users_columnsmodules\cloudsecure-wp.php:279

actionmanage_users_custom_columnmodules\cloudsecure-wp.php:280

actionadmin_menumodules\cloudsecure-wp.php:291

Maintenance & Trust

CloudSecure WP Security Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.1

Downloads604K

Community Trust

Rating100/100

Number of ratings2

Active installs100K

Alternatives

CloudSecure WP Security Alternatives

BotBlocker Security – Firewall & Bot Protection

botblocker-security

100

Protect your WordPress site: firewall, bot & brute-force protection, anti-spam, multi-layer CAPTCHA, optional cloud threat intel.

2K No CVEs

CIDRAM

cidram

100

CIDRAM: A PHP-level CIDR/IP-based firewall solution.

20 No CVEs

Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall

limit-login-attempts-reloaded

Block excessive login attempts and protect your site against brute force attacks. Simple, yet powerful tools to improve site performance.

2.0M 4 CVEs

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

better-wp-security

Harden your site security with Login Security, Two-Factor Authentication (2FA), Vulnerability Scanner, Firewall, and more. Formerly iThemes Security.

700K 19 CVEs

SiteGuard WP Plugin

siteguard

SiteGurad WP Plugin is the plugin specialized for the protection against the attack to the management page and login.

600K 1 unpatched

Developer Profile

CloudSecure WP Security Developer Profile

cloudsecure

1 plugin · 100K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CloudSecure WP Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cloudsecure-wp-security/assets/css/main.css/wp-content/plugins/cloudsecure-wp-security/assets/js/main.js/wp-content/plugins/cloudsecure-wp-security/really-simple-captcha/really-simple-captcha.js

Script Paths

/wp-content/plugins/cloudsecure-wp-security/really-simple-captcha/really-simple-captcha.js

Version Parameters

cloudsecure-wp-security/assets/css/main.css?ver=cloudsecure-wp-security/assets/js/main.js?ver=cloudsecure-wp-security/really-simple-captcha/really-simple-captcha.js?ver=

HTML / DOM Fingerprints

CSS Classes

cs-wp-security-form-groupcs-wp-security-form-controlcs-wp-security-button

HTML Comments

Really Simple CAPTCHA.Class names are changed to avoid duplication.The class name has been changed from ReallySimpleCaptcha to CloudSecureWP_ReallySimpleCaptcha.Characters available in images+27 more

Data Attributes

data-cs-wp-security-id

JS Globals

CloudSecureWP_ReallySimpleCaptcha

FAQ