Does Create Faq have any unpatched vulnerabilities?

No. All known vulnerabilities in Create Faq have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Create Faq compatible with WordPress 6.8.5?

According to WordPress.org data, Create Faq 1.0.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Create Faq compatible with PHP 7.4+?

Create Faq requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Create Faq updated?

Create Faq was last updated on Sep 30, 2025. Frequent updates are generally a positive security signal.

What is Create Faq's security score?

Create Faq has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Create Faq Security & Risk Analysis

wordpress.org/plugins/create-faq

WordPressサイトにSEOとAI検索に最適化されたFAQページを簡単に作成・管理できるプラグインです。

0 active installs v1.0.2 PHP 7.4+ WP 6.2+ Updated Sep 30, 2025

categoriesfaqinexioseostructured-data

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Create Faq Safe to Use in 2026?

Generally Safe

Score 100/100

Create Faq has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago

Risk Assessment

The 'create-faq' plugin v1.0.2 exhibits a generally strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, cron events, file operations, external HTTP requests, and dangerous functions is a significant strength. Furthermore, the fact that all SQL queries use prepared statements and the taint analysis shows no critical or high severity flows is highly positive. The plugin also reports no known CVEs, indicating a clean historical security record.

However, there are areas for improvement. The plugin lacks nonce checks and capability checks, which are crucial for securing entry points. While the attack surface is small with only one shortcode, the absence of these checks on it presents a potential risk if the shortcode's functionality is sensitive. The output escaping is not perfect, with 20% of outputs not properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped content is user-controllable.

In conclusion, the 'create-faq' plugin has many good security practices in place, especially regarding data handling and SQL. The lack of known vulnerabilities is reassuring. Nevertheless, the missing nonce and capability checks, along with the imperfect output escaping, represent the primary security concerns that should be addressed to further harden the plugin.

Key Concerns

Missing nonce checks
Missing capability checks
Improper output escaping (20%)

Vulnerabilities

None known

Create Faq Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Create Faq Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

80% escaped10 total outputs

Attack Surface

Create Faq Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[creafa_faq] create-faq.php:81

WordPress Hooks 7

actionplugins_loadedcreate-faq.php:72

actioninitcreate-faq.php:79

actioninitcreate-faq.php:80

actionwp_enqueue_scriptscreate-faq.php:82

actionadmin_noticescreate-faq.php:85

actionadmin_menucreate-faq.php:86

actionadmin_initcreate-faq.php:87

Maintenance & Trust

Create Faq Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedSep 30, 2025

PHP min version7.4

Downloads350

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Create Faq Alternatives

SchemaSense – Smart Structured Data

schemasense-smart-structured-data

100

Auto-detects FAQ content and generates valid JSON-LD schema for LLMs, GEO (Generative Engine Optimization), and SEO.

300 No CVEs

FAQ Schema Shortcode

faq-schema-shortcode

100

Quickly add FAQ sections compatible with structured data to your site using simple shortcodes, improving your SEO.

80 No CVEs

FAQ Accordion & Schema

faq-accordion-schema

100

Create FAQ accordions with built-in FAQ schema markup for SEO. Includes shortcode support and styling options.

20 No CVEs

The SEO Framework – Fast, Automated, Effortless.

autodescription

100

The fastest feature-complete SEO plugin for professional WordPress websites. Secure, fast, unbranded, and automated SEO. Do less; get better results.

200K No CVEs

Schema & Structured Data for WP & AMP

schema-and-structured-data-for-wp

Schema & Structured Data adds Google Rich Snippets markup according to Schema.org guidelines to structure your site for SEO.

100K 10 CVEs

Developer Profile

Create Faq Developer Profile

TAKAHIRO

6 plugins · 70 total installs

trust score

Avg Security Score

99/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Create Faq

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/create-faq/assets/css/create-faq.css/wp-content/plugins/create-faq/assets/js/create-faq.js

Script Paths

/wp-content/plugins/create-faq/assets/js/create-faq.js

Version Parameters

create-faq/assets/css/create-faq.css?ver=create-faq/assets/js/create-faq.js?ver=

HTML / DOM Fingerprints

CSS Classes

creafa-faq-wrappercreafa-faq-itemcreafa-faq-questioncreafa-faq-answercreafa-faq-settings

HTML Comments

+2 more

Data Attributes

data-creafa-accordion-enabled

JS Globals

window.creafa_settings

REST Endpoints

/wp-json/creafa/v1/faq

Shortcode Output

[creafa_faq]<div class="creafa-faq-wrapper">

FAQ