Command Palette Security & Risk Analysis

wordpress.org/plugins/command-palette

Bring the power of text editor command palette to WordPress Admin.

60 active installs · v1.0.1 · PHP 5.6+ · WP 4.3+ · Updated Mar 17, 2022
admin-menu · quick-jump · shortcut · workflow
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Command Palette Safe to Use in 2026?

Generally Safe

Score 85/100

Command Palette has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The command-palette plugin v1.0.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified dangerous functions, SQL queries without prepared statements, file operations, or external HTTP requests is highly commendable. Furthermore, the plugin demonstrates good practices with the presence of nonce and capability checks, even though the attack surface appears to be zero. The clean vulnerability history with no recorded CVEs further reinforces this positive outlook, suggesting a mature and well-maintained codebase.

While the plugin shows many strengths, a minor concern arises from the output escaping. Of 7 total outputs, 71% are properly escaped, which leaves 2 outputs unescaped; these could lead to cross-site scripting (XSS) vulnerabilities if the unescaped content is user-controlled or sensitive. However, given the extremely limited attack surface and zero taint flows, this risk is significantly mitigated in practice. The lack of taint analysis data makes it difficult to fully assess potential data flow vulnerabilities, but the absence of critical or high severity flows is a good sign.

In conclusion, command-palette v1.0.1 appears to be a secure plugin with robust coding practices. The primary area for potential improvement, albeit with a currently low practical risk due to other security measures, is the complete and consistent sanitization of all output. The lack of past vulnerabilities is a strong indicator of ongoing security diligence.

Key Concerns

  • Incomplete output escaping
Vulnerabilities
None known

Command Palette Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Command Palette Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 2 (5 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

71% escaped · 7 total outputs
Attack Surface

Command Palette Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 6
  action  admin_enqueue_scripts            src\AssetManager.php:15
  action  load-plugins.php                 src\CacheManager.php:7
  action  admin_notices                    src\CacheManager.php:9
  action  admin_enqueue_scripts            src\ItemManager.php:15
  action  command_palette_enqueue_scripts  src\Sources\Action.php:7
  action  admin_footer                     src\TemplateManager.php:6
Maintenance & Trust

Command Palette Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.9.13
Last updated: Mar 17, 2022
PHP min version: 5.6
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 60
Developer Profile

Command Palette Developer Profile

Tung Du

1 plugin · 60 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Command Palette

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/command-palette/assets/js/main.js
/wp-content/plugins/command-palette/assets/css/main.css
Script Paths
/wp-content/plugins/command-palette/assets/js/main.js
Version Parameters
command-palette/assets/js/main.js?ver=
command-palette/assets/css/main.css?ver=