
CollectionPress Security & Risk Analysis
wordpress.org/plugins/collectionpress
CollectionPress provides a variety of features for building author or researcher pages within WordPress. Items archived in DSpace can also be display …
Is CollectionPress Safe to Use in 2026?
Generally Safe
Score 85/100
CollectionPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "collectionpress" v1.0.0 plugin exhibits a mixed security posture. While the absence of known CVEs and the use of prepared statements for SQL queries are positive indicators, significant concerns arise from the static analysis. The presence of an unprotected AJAX handler represents a direct entry point for potential attackers. Furthermore, a high percentage of output is not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. The taint analysis, while reporting no critical or high severity flows, did identify flows with unsanitized paths, suggesting potential for unexpected behavior or data exposure if these flows interact with sensitive operations.
The vulnerability history is clean, which is a strength and suggests a potentially well-maintained codebase or a lack of past focus from attackers. However, the current static analysis findings, particularly the unprotected AJAX handler and unescaped output, present immediate risks that need to be addressed. The plugin has strengths in its lack of historical vulnerabilities and secure SQL handling, but weaknesses in input validation and output sanitization. The overall risk is moderate, primarily due to the unprotected entry point and potential for XSS.
Key Concerns
- Unprotected AJAX handler
- High percentage of unescaped output
- Unsanitized paths in taint flows
CollectionPress Security Vulnerabilities
CollectionPress Code Analysis
Output Escaping
Data Flow Analysis
CollectionPress Attack Surface
- AJAX Handlers: 1
- Shortcodes: 1
- WordPress Hooks: 15
CollectionPress Maintenance & Trust
Maintenance Signals
Community Trust
CollectionPress Alternatives
Extra Authors Redirect
extra-authors-redirect
Adds a checkbox to author profiles for redirecting to other parts of the site.
Backuply – Backup, Restore, Migrate and Clone
backuply
Backup, restores, and migration with Backuply are fairly simple with a wide range of storage options from Local Backups, FTP to cloud options like AWS …
BackWPup – WordPress Backup & Restore Plugin
backwpup
Create a complete WordPress backup easily. Schedule automatic backups, store securely, and restore effortlessly with the best WordPress backup plugin!
WooCommerce Legacy REST API
woocommerce-legacy-rest-api
The WooCommerce Legacy REST API, which is now part of WooCommerce itself but will be removed in WooCommerce 9.0.
Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content
password-protected
Protect your WordPress site, pages, posts, WooCommerce products, and categories with single or multiple passwords.
CollectionPress Developer Profile
1 plugin · 10 total installs
How We Detect CollectionPress
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/collectionpress/frontend/css/collectionpress.css
- /wp-content/plugins/collectionpress/frontend/js/collectionpress.js
- collectionpress/frontend/css/collectionpress.css?ver=
- collectionpress/frontend/js/collectionpress.js?ver=
HTML / DOM Fingerprints
- cp_author_page_title
- `<!-- CollectionPress Shortcode -->`
- `<!-- author name -->`
- `<!-- author bio -->`
- `<!-- author items -->`
- data-author-id
- data-item-id
- collectionpress_ajax_url
- collectionpress_params
- /wp-json/collectionpress/v1/authors
- /wp-json/collectionpress/v1/items
- [collectionpress]