CodeChief Security & Risk Analysis

wordpress.org/plugins/codechief

An awesome WordPress plugin to manage many user options and create many new features easily from the admin panel.

0 active installs · v1.0.4 · PHP 5.6+ · WP 4.0+ · Updated Aug 21, 2020

Tags: author-profile-widget · contact-form · like-button · post-like · user-roles-and-permission

Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CodeChief Safe to Use in 2026?

Generally Safe

Score 85/100

CodeChief has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago
Risk Assessment

The "codechief" plugin v1.0.4 exhibits a concerning security posture because of the number of unprotected entry points. The plugin avoids dangerous functions, file operations, and external HTTP requests, but static analysis shows that 4 of its 7 entry points (all of them AJAX handlers) lack authentication checks, which exposes those handlers to unauthorized access and potential exploitation. Taint analysis adds to these concerns: it reports 2 flows with unsanitized paths classified as high severity, meaning user-supplied data reaches potentially sensitive operations without being validated or neutralized first.

The plugin's vulnerability history is currently clean, with no recorded CVEs. This is a positive indicator and suggests that no exploitable flaws have been discovered and published so far. However, the absence of historical issues should not be mistaken for inherent security. The high-severity taint flows and the number of unprotected AJAX handlers are immediate, actionable risks that need to be addressed regardless of past vulnerability records. In conclusion, while the plugin avoids certain risky coding practices, the missing authentication on its AJAX handlers and the high-severity unsanitized taint flows present a substantial risk that requires prompt attention.

Key Concerns

  • AJAX handlers without auth checks
  • High severity taint flows
  • SQL queries without prepared statements
  • Output escaping below 80%
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

CodeChief Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

CodeChief Release Timeline

No version history available.
Code Analysis
Analyzed Mar 17, 2026

CodeChief Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
1 prepared
Unescaped Output
41
100 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

33% prepared · 3 total queries

Output Escaping

71% escaped · 141 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
codechief_like_ajax_post_request (base\Ajax\AjaxServiceProvider.php:44)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface
4 unprotected

CodeChief Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_codechief_like_ajax_post_request · base\Ajax\AjaxServiceProvider.php:16
nopriv · wp_ajax_codechief_like_ajax_post_request · base\Ajax\AjaxServiceProvider.php:21
auth · wp_ajax_codechief_submit_contact_form_request · base\Ajax\AjaxServiceProvider.php:26
nopriv · wp_ajax_codechief_submit_contact_form_request · base\Ajax\AjaxServiceProvider.php:31

Shortcodes 3

[codechief_contact] base\Template\LoadTemplate.php:57
[codechief_guestpost] base\Template\LoadTemplate.php:58
[codechief_guestpost] base\Template\LoadTemplate.php:77
WordPress Hooks 24

action · admin_menu · base\Admin\AddNewUserRolesAndPermission.php:22
action · admin_menu · base\Admin\AllOptionsPageForm.php:20
action · the_content · base\Admin\AuthorBoxAfterContent.php:32
action · admin_init · base\Admin\AuthorProfileWidget.php:28
action · widgets_init · base\Admin\AuthorProfileWidget.php:168
action · admin_init · base\Admin\ContactFormSettings.php:16
filter · auto_update_plugin · base\Admin\ExtraSettings.php:40
filter · auto_update_theme · base\Admin\ExtraSettings.php:52
filter · comments_open · base\Admin\ExtraSettings.php:71
filter · pings_open · base\Admin\ExtraSettings.php:72
filter · comments_array · base\Admin\ExtraSettings.php:78
action · admin_menu · base\Admin\ExtraSettings.php:85
action · admin_init · base\Admin\ExtraSettingsPage.php:16
action · admin_init · base\Admin\LikeButtonSettingPage.php:23
action · admin_init · base\Admin\SendEmailToAuthorPage.php:16
action · publish_post · base\Admin\SendMailToAuthorAfterPublishPost.php:10
filter · the_content · base\Admin\ShowLikeButtonAfterPostPage.php:16
action · admin_init · base\Admin\UserProfileOptionsPage.php:17
action · admin_init · base\Admin\UserRoleAndCapabilitiesPage.php:17
action · admin_enqueue_scripts · base\Enqueue\LoadFrontendAndAdminScript.php:20
action · wp_enqueue_scripts · base\Enqueue\LoadFrontendAndAdminScript.php:31
action · admin_init · base\Plugin\PluginActivated.php:13
filter · theme_page_templates · base\Template\LoadTemplate.php:55
filter · template_include · base\Template\LoadTemplate.php:56
Maintenance & Trust

CodeChief Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Aug 21, 2020
PHP min version: 5.6
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 0
Developer Profile

CodeChief Developer Profile

Mahedi Hasan

1 plugin · 0 total installs

Trust score: 84
Avg Security Score
85/100
Avg Patch Time
30 days
Detection Fingerprints

How We Detect CodeChief

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/codechief/assets/custom.js
Script Paths
/wp-content/plugins/codechief/assets/custom.js

HTML / DOM Fingerprints

CSS Classes
image_er_link · image_show
Data Attributes
data-codechief
JS Globals
custom-js · CodeChief
FAQ

Frequently Asked Questions about CodeChief