Does Core Checksum Verifier have any unpatched vulnerabilities?

No. All known vulnerabilities in Core Checksum Verifier have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Core Checksum Verifier compatible with WordPress 6.8.5?

According to WordPress.org data, Core Checksum Verifier 1.0.1 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Core Checksum Verifier compatible with PHP 7.4+?

Core Checksum Verifier requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Core Checksum Verifier updated?

Core Checksum Verifier was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Core Checksum Verifier's security score?

Core Checksum Verifier has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Core Checksum Verifier Security & Risk Analysis

wordpress.org/plugins/core-checksum-verifier

Verifies the integrity of your WordPress core files with official checksums. Displays modified/missing files.

0 active installs v1.0.1 PHP 7.4+ WP 5.0+ Updated Unknown

checksumintegritysecuritywordpress-core

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Core Checksum Verifier Safe to Use in 2026?

Generally Safe

Score 100/100

Core Checksum Verifier has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The 'core-checksum-verifier' plugin v1.0.1 exhibits a mixed security posture. On the positive side, the code demonstrates good practices by exclusively using prepared statements for SQL queries and ensuring all outputs are properly escaped. It also avoids dangerous functions and file operations, and has no recorded vulnerability history, which suggests a history of secure development.

However, a significant concern arises from its attack surface. The plugin exposes one AJAX handler that lacks any authentication or capability checks. This means any unauthenticated user could potentially interact with this endpoint, posing a risk if the functionality it exposes is sensitive or can be misused. While taint analysis shows no vulnerabilities, the absence of checks on the AJAX handler is a known entry point for common web attacks.

In conclusion, while the plugin's core code appears to be written with security in mind regarding data handling, the lack of authentication on its AJAX endpoint is a critical oversight. This single unprotected entry point significantly elevates the risk profile, outweighing the otherwise positive code quality signals. Addressing this unprotected AJAX handler should be the immediate priority.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Core Checksum Verifier Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Core Checksum Verifier Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped6 total outputs

Attack Surface

1 unprotected

Core Checksum Verifier Attack Surface

Entry Points1

Unprotected1

AJAX Handlers 1

authwp_ajax_verify_wp_checksumcore-checksum-verifier.php:86

WordPress Hooks 2

actionadmin_menucore-checksum-verifier.php:21

actionadmin_enqueue_scriptscore-checksum-verifier.php:32

Maintenance & Trust

Core Checksum Verifier Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedUnknown

PHP min version7.4

Downloads269

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Core Checksum Verifier Alternatives

Files Fence

files-fence

100

Detect if a wordpress core files are changed and if a unwanted file(s) are uploaded or created in wordpress folders different to wp-content

50 No CVEs

WP Fingerprint

wp-fingerprint

100

WP Fingerprint adds an additional layer of security to your WordPress website, working to check your plugins for signs of hack or exploit.

9K No CVEs

Subresource Integrity (SRI) Manager

wp-sri

Adds Subresource Integrity (SRI) attributes to your page's elements for better protection against JavaScript DDoS attacks.

1K 1 unpatched

Auto SRI

auto-sri

100

Automatically adds Subresource Integrity (SRI) to external scripts/styles and safely excludes Google reCAPTCHA and Google Fonts.

200 No CVEs

Integrity Checker

integrity-checker

100

The WordPress Integrity Checker checks your WordPress installation by detecting modified files, permissions issues and other common problems.

200 No CVEs

Developer Profile

Core Checksum Verifier Developer Profile

kamranmayo

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Core Checksum Verifier

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/core-checksum-verifier/assets/css/admin.css/wp-content/plugins/core-checksum-verifier/assets/js/admin.js/wp-content/plugins/core-checksum-verifier/assets/img/9068699.png/wp-content/plugins/core-checksum-verifier/assets/img/header.png

Script Paths

/wp-content/plugins/core-checksum-verifier/assets/js/admin.js

Version Parameters

core-checksum-verifier/assets/css/admin.css?ver=core-checksum-verifier/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

pul-buttonpul-overlay__bodypul-dialog__headerpul-dialog__bannerpul-dialog__banner-innerpul-dialog__header-innerpul-dialog__header-bodypul-dialog__header-content+4 more

JS Globals

corechDatajQuery

REST Endpoints

/wp-json/core-checksum-verifier/v1/settings

FAQ