
Code Scanner Security & Risk Analysis
wordpress.org/plugins/code-scannerScans WordPress plugin, theme, and core directories for malicious code injections.
Is Code Scanner Safe to Use in 2026?
Generally Safe
Score 85/100Code Scanner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The code-scanner plugin v1.0.0 exhibits a generally good security posture, with no recorded vulnerabilities (CVEs) and a zero attack surface from common entry points like AJAX, REST API, shortcodes, and cron events. The static analysis reveals a complete absence of SQL queries, file operations, and external HTTP requests, which are common vectors for attacks. Furthermore, the plugin's code does not appear to bundle any external libraries, mitigating risks associated with outdated or vulnerable dependencies. However, there are two significant concerns identified. The presence of the `create_function` dangerous function, which is deprecated and can lead to security issues if not used with extreme caution, is a clear risk. Additionally, a very low percentage (12%) of output escaping indicates a high potential for cross-site scripting (XSS) vulnerabilities when data is displayed back to users.
Key Concerns
- Use of dangerous function: create_function
- Low percentage of properly escaped output
Code Scanner Security Vulnerabilities
Code Scanner Release Timeline
Code Scanner Code Analysis
Dangerous Functions Found
Output Escaping
Code Scanner Attack Surface
WordPress Hooks 9
Maintenance & Trust
Code Scanner Maintenance & Trust
Maintenance Signals
Community Trust
Code Scanner Alternatives
Threat Scan Plugin
threat-scan-plugin
This is a very simple threat scan that looks for things out of place in the content directory as well as the database.
Wordfence Security – Firewall, Malware Scan, and Login Security
wordfence
Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager
insert-headers-and-footers
Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.
Jetpack – WP Security, Backup, Speed, & Growth
jetpack
Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.
All-In-One Security (AIOS) – Security and Firewall
all-in-one-wp-security-and-firewall
Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.
Code Scanner Developer Profile
7 plugins · 80 total installs
How We Detect Code Scanner
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/code-scanner/assets/css/admin.css/wp-content/plugins/code-scanner/assets/css/font-awesome.min.css/wp-content/plugins/code-scanner/assets/js/admin.js/wp-content/plugins/code-scanner/assets/js/admin.jscode-scanner-admin-styles?ver=code-scanner-fontawesome?ver=code-scanner-admin-script?ver=HTML / DOM Fingerprints
cs-ms-containerdata-cs-triggerdata-cs-results-containercodeScanner