App Connect Security & Risk Analysis

wordpress.org/plugins/connect

Connect apps to your WordPress site. Ssshh, this plugin is still in pre-release, keep it just to yourself for now.

10 active installs · v0.1-dev · PHP 5.4.0+ · WP 4.9+ · Updated Sep 18, 2018
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is App Connect Safe to Use in 2026?

Generally Safe

Score 85/100

App Connect has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "connect" v0.1-dev plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries using prepared statements and a relatively high percentage of output escaping (78%). The absence of any known vulnerabilities in its history is also a strong indicator of a stable codebase. However, significant concerns arise from the static analysis. The plugin has a total of 2 entry points, both of which are unprotected REST API routes. This presents a direct and accessible attack surface that could be exploited without any authentication or authorization checks. The taint analysis revealed 3 flows with unsanitized paths, though fortunately, none were classified as critical or high severity. This suggests a potential for data mishandling, even if the immediate impact is not severe. The presence of nonce checks and capability checks in other parts of the code indicates an awareness of security best practices, but their absence on the exposed REST API routes is a critical oversight.

In conclusion, while the "connect" plugin has some solid security foundations, the unprotected REST API routes are a major vulnerability. The unsanitized taint flows, though not critical, further elevate the risk. The lack of historical vulnerabilities is a positive sign, but it doesn't negate the immediate risks identified in the current code. It's crucial to address the exposed REST API endpoints and thoroughly review the unsanitized taint flows to mitigate potential security threats. The plugin's current state is moderately risky due to the exposed entry points.

Key Concerns

  • Unprotected REST API routes
  • Flows with unsanitized paths
  • Low version number indicating potential immaturity
Vulnerabilities: None known

App Connect Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

App Connect Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 16 (58 escaped)
Nonce Checks: 10
Capability Checks: 9
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 1 total query

Output Escaping

78% escaped · 74 total outputs
Data Flows: 3 unsanitized

Data Flow Analysis

4 flows · 3 with unsanitized paths
handle_connect (inc\namespace.php:155)
[Flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface: 2 unprotected

App Connect Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes (2)

POST  /wp-json/oauth2/access_token  oauth2\inc\endpoints\class-token.php:15
GET   /wp-json/oauth2/authorize     oauth2\inc\endpoints\namespace.php:17

WordPress Hooks (16)

action  rest_index                       inc\namespace.php:26
filter  oauth2.redirect_args.authorized  inc\namespace.php:27
action  show_user_profile                oauth2\inc\admin\profile\namespace.php:16
action  edit_user_profile                oauth2\inc\admin\profile\namespace.php:17
action  all_admin_notices                oauth2\inc\admin\profile\namespace.php:18
action  personal_options_update          oauth2\inc\admin\profile\namespace.php:19
action  edit_user_profile_update         oauth2\inc\admin\profile\namespace.php:20
action  all_admin_notices                oauth2\inc\admin\profile\personaltokens\namespace.php:83
action  init                             oauth2\inc\namespace.php:10
filter  determine_current_user           oauth2\inc\namespace.php:11
filter  rest_authentication_errors       oauth2\inc\namespace.php:14
filter  rest_index                       oauth2\inc\namespace.php:15
action  rest_api_init                    oauth2\inc\namespace.php:16
filter  oauth2.grant_types               oauth2\inc\namespace.php:19
action  init                             oauth2\inc\namespace.php:22
action  admin_menu                       oauth2\inc\namespace.php:23
Maintenance & Trust

App Connect Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Sep 18, 2018
PHP min version: 5.4.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Alternatives

App Connect Alternatives

No alternatives data available yet.

Developer Profile

App Connect Developer Profile

Ryan McCue

4 plugins · 10K total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect App Connect

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Script Paths
/wp-content/plugins/connect/oauth2/plugin.php

HTML / DOM Fingerprints

JS Globals
oauth2
REST Endpoints
/wp-json/oauth2/access_token
/wp-json/oauth2/authorize
FAQ

Frequently Asked Questions about App Connect