crouton Security & Risk Analysis

wordpress.org/plugins/crouton

crouton provides a UI and more for viewing recovery meetings as stored in a Basic Meeting List Toolbox (BMLT) database.

300 active installs · v4.1.4 · PHP 8.0+ · WP 4.0+ · Updated Mar 10, 2026
bmlt · meeting-list · narcotics-anonymous · recovery
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is crouton Safe to Use in 2026?

Generally Safe

Score 100/100

crouton has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 25d ago
Risk Assessment

The "crouton" plugin v4.1.4 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean vulnerability history over time suggests the developers have a commitment to security. The code also demonstrates good practices, with 100% of SQL queries using prepared statements and a high percentage of output properly escaped. The presence of nonce and capability checks further reinforces secure handling of data.

However, a specific concern arises from the taint analysis revealing two flows with unsanitized paths. While no critical or high severity issues were identified in these flows, the fact that paths are not being sanitized indicates a potential area for further investigation and remediation. File operations and external HTTP requests, although not flagged as inherently insecure in this analysis, are always points to monitor for potential misuse if input validation or sanitization is imperfect in adjacent code not highlighted here.

Overall, the plugin is well-secured with a good track record. The two unsanitized path flows in the taint analysis are the primary areas for attention. Addressing these would further solidify the plugin's robust security. The strengths lie in the proactive use of prepared statements and escaping, while the weakness is the identified unsanitized paths, albeit without immediate critical impact.

Key Concerns

  • Flows with unsanitized paths identified
  • File operation present
  • External HTTP request present
Vulnerabilities
None known

crouton Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

crouton Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 5 (100 escaped)
Nonce Checks: 1
Capability Checks: 2
File Operations: 1
External Requests: 1
Bundled Libraries: 2

Bundled Libraries

jQuery 3.4.1 · Select2

Output Escaping

95% escaped · 105 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
emitJavascript (public\TablePublic.php:98)
Diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

crouton Attack Surface

Entry Points: 11
Unprotected: 0

Shortcodes 11

[init_crouton] public\TablePublic.php:20
[bmlt_tabs] public\TablePublic.php:24
[crouton_map] public\TablePublic.php:28
[crouton_tabs] public\TablePublic.php:32
[bmlt_map] public\TablePublic.php:36
[bmlt_count] public\TablePublic.php:40
[meeting_count] public\TablePublic.php:44
[group_count] public\TablePublic.php:48
[service_body_names] public\TablePublic.php:52
[root_service_body] public\TablePublic.php:56
[bmlt_handlebar] public\TablePublic.php:60

WordPress Hooks 6

action admin_enqueue_scripts admin\TableAdmin.php:53
action admin_menu admin\TableAdmin.php:54
action BmltEnabled_Submenu admin\TableAdmin.php:55
action init admin\TableAdmin.php:56
action wp_enqueue_scripts public\TablePublic.php:19
action plugins_loaded public\TablePublic.php:64
Maintenance & Trust

crouton Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 10, 2026
PHP min version: 8.0
Downloads: 34K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 300
Developer Profile

crouton Developer Profile

radius314

3 plugins · 600 total installs

Trust score: 92
Avg Security Score: 97/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect crouton

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crouton/croutonjs/dist/crouton-gmaps.min.js
/wp-content/plugins/crouton/croutonjs/dist/crouton-leaflet.min.css
/wp-content/plugins/crouton/croutonjs/dist/crouton-map.min.js
Script Paths
/wp-content/plugins/crouton/croutonjs/dist/crouton-gmaps.min.js
/wp-content/plugins/crouton/croutonjs/dist/crouton-map.min.js

HTML / DOM Fingerprints

CSS Classes
MeetingMap
Data Attributes
id="tile_provider"
name="tile_provider"
id="custom_tile_provider"
id="tile_url"
name="tile_url"
id="tile_attribution"
+18 more
FAQ

Frequently Asked Questions about crouton