WP-Safety

Crossword Compiler Puzzles Security & Risk Analysis

wordpress.org/plugins/crossword-compiler-puzzles

Insert a crossword puzzle, sudoku or word search from content made by Crossword Compiler

300 active installs v14.5 PHP + WP 6.0.0+ Updated Dec 20, 2025
crosswordpuzzlesudokuwordsearch
74
B · Generally Safe
CVEs total2
Unpatched1
Last CVEMay 2, 2025
Plugin page Download
Safety Verdict

Is Crossword Compiler Puzzles Safe to Use in 2026?

Mostly Safe

Score 74/100

Crossword Compiler Puzzles is generally safe to use. 2 past CVEs were resolved. Keep it updated.

2 known CVEs 1 unpatched Last CVE: May 2, 2025Updated 3mo ago
Risk Assessment

The plugin "crossword-compiler-puzzles" v14.5 presents a mixed security posture. While the static analysis shows good practices in several areas, such as 100% prepared SQL statements and a high percentage of properly escaped output, there are concerning aspects. The presence of two known CVEs, one of which is unpatched and rated as high severity, is a significant risk. The common vulnerability types historically found (XSS and unrestricted file uploads) suggest potential weaknesses in input sanitization and validation, which could be exploited if similar issues exist in the current version. The static analysis, however, indicates a clean slate for taint analysis in this version, with no unsanitized paths or critical/high severity flows. The attack surface is managed, with all entry points having authentication checks. Despite the positive indicators in the current code, the unpatched historical vulnerability demands immediate attention.

Key Concerns

  • Unpatched High Severity CVE
  • Known vulnerability history (XSS, Unrestricted Upload)
  • Some output not properly escaped
Vulnerabilities
2

Crossword Compiler Puzzles Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

High
1
Medium
1

2 total CVEs

CVE-2025-46493medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Crossword Compiler Puzzles <= 5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting

May 2, 2025Unpatched
CVE-2025-46490high · 8.8Unrestricted Upload of File with Dangerous Type

Crossword Compiler Puzzles <= 5.2 - Authenticated (Subscriber+) Arbitrary File Upload

Apr 25, 2025 Patched in 5.3 (127d)
Code Analysis
Analyzed Mar 16, 2026

Crossword Compiler Puzzles Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
24 escaped
Nonce Checks
3
Capability Checks
5
File Operations
5
External Requests
5
Bundled Libraries
0

Output Escaping

89% escaped27 total outputs
Data Flows
All sanitized

Data Flow Analysis

4 flows
ccpuz_save_crossword_mce_from (modules\hooks.php:87)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Crossword Compiler Puzzles Attack Surface

Entry Points5
Unprotected0

AJAX Handlers 4

authwp_ajax_ccpuz_get_crossword_mce_frommodules\hooks.php:72
authwp_ajax_ccpuz_save_crossword_mce_frommodules\hooks.php:85
authwp_ajax_ccpuz_preview_localmodules\hooks.php:397
authwp_ajax_ccpuz_view_logwp-crossword.php:113

Shortcodes 1

[crossword] modules\shortcodes.php:3
WordPress Hooks 11
actioninitmodules\hooks.php:8
filtermce_external_pluginsmodules\hooks.php:16
actionadmin_print_scriptsmodules\hooks.php:18
filtermce_buttonsmodules\hooks.php:20
filterwp_headmodules\hooks.php:58
actionenqueue_block_editor_assetsmodules\hooks.php:285
actionenqueue_block_assetsmodules\hooks.php:286
actionsave_postmodules\meta_box.php:70
actionwp_enqueue_scriptsmodules\scripts.php:7
actionadmin_enqueue_scriptsmodules\scripts.php:8
actionadmin_noticeswp-crossword.php:156
Maintenance & Trust

Crossword Compiler Puzzles Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 20, 2025
PHP min version
Downloads15K

Community Trust

Rating56/100
Number of ratings5
Active installs300
Alternatives

Crossword Compiler Puzzles Alternatives

PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

PuzzleMe – Interactive Puzzles for WordPress – Easily publish crosswords, quizzes, word searches and more

puzzleme

A
99

PuzzleMe makes it easy to add interactive games to your WordPress website - no coding required.

1K 1 CVE
MorePuzzles

MorePuzzles

morepuzzles

A
85

This plugin is for those who would like to insert an interactive crossword/word-search puzzle to their page.

100 No CVEs
WHA Puzzle

WHA Puzzle

wha-puzzle

A
85

Puzzle - puzzle game, which is a mosaic that you want to make from the many fragments of the pattern of various shapes.

300 No CVEs
YMC Crossword

YMC Crossword

ymc-crossword

A
100

The plugin Crossword creates an easy crossword from the words of any combination.

200 No CVEs
WP Sudoku Plus

WP Sudoku Plus

wp-sudoku-plus

A
100

This plugin displays a sudoku puzzle diagram on your website that the visitor can try to solve.

100 No CVEs
Developer Profile

Crossword Compiler Puzzles Developer Profile

wordwebsoftware

1 plugin · 300 total installs

61
trust score
Avg Security Score
74/100
Avg Patch Time
127 days
View full developer profile
Detection Fingerprints

How We Detect Crossword Compiler Puzzles

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crossword-compiler-puzzles/css/crossword-compiler.css/wp-content/plugins/crossword-compiler-puzzles/js/crossword-compiler.js
Script Paths
/wp-content/plugins/crossword-compiler-puzzles/js/crossword-compiler.js
Version Parameters
crossword-compiler-puzzles/css/crossword-compiler.css?ver=crossword-compiler-puzzles/js/crossword-compiler.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- CROSSWORD COMPILER DEBUG LOG --><!-- Debug mode admin notice displayed -->
Data Attributes
ccpuz_wpse72394_button
JS Globals
ccpuz_wpse72394_button_ajax_urlccpuz_post_idccpuz_nonce
REST Endpoints
/wp-json/wp/v2/posts
FAQ

Frequently Asked Questions about Crossword Compiler Puzzles