Crudiator Security & Risk Analysis

wordpress.org/plugins/crudiator

Crudiator is a plugin that makes it easy to achieve CRUD operations on custom tables in the WordPress admin panel.

200 active installs · v2.0.2 · PHP 7.3+ · WP 5.0+ · Updated Feb 8, 2025
crud · custom-table · database-table · insert · update
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Crudiator Safe to Use in 2026?

Generally Safe

Score 92/100

Crudiator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The crudiator plugin v2.0.2 exhibits a generally strong security posture, with no known vulnerabilities (CVEs) and a robust approach to SQL query handling: all of its queries are prepared. The static analysis reveals no dangerous functions, no external HTTP requests, and a limited attack surface in terms of AJAX handlers, REST API routes, shortcodes, and cron events. Furthermore, the plugin employs nonce and capability checks, which are good security practices.

However, the analysis does highlight potential areas for improvement. Two flows with unsanitized paths were identified in the taint analysis, although they are not categorized as critical or high severity. Additionally, while 78% of output is properly escaped, the remaining 22% could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is involved. The presence of file operations also warrants attention, as insecure handling of files can introduce risks.

Given the absence of past vulnerabilities and the generally good security implementation, the plugin appears to be well-maintained. The identified issues are minor and can likely be addressed through focused code review and remediation. Overall, crudiator v2.0.2 is a relatively secure plugin, with a few specific areas that require attention to further strengthen its security.

Key Concerns

  • Flows with unsanitized paths found
  • Output escaping is not fully implemented (22% unescaped)
Vulnerabilities
None known

Crudiator Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Crudiator Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (3 prepared)
Unescaped Output: 34 (121 escaped)
Nonce Checks: 2
Capability Checks: 1
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 3 total queries

Output Escaping

78% escaped · 155 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

6 flows · 2 with unsanitized paths
output_notice (src\Crudiator.php:1311)
[Flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface

Crudiator Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 15
action · admin_notices · src\Crudiator.php:154
filter · set-screen-option · src\Crudiator.php:2682
action · init · src\CrudiatorPlugin.php:21
action · admin_menu · src\CrudiatorPlugin.php:25
action · admin_notices · src\CrudiatorPlugin.php:81
action · add_meta_boxes_crudiator · src\CrudiatorPlugin.php:138
action · save_post_crudiator · src\CrudiatorPlugin.php:140
action · edit_form_after_title · src\CrudiatorPlugin.php:142
filter · enter_title_here · src\CrudiatorPlugin.php:144
filter · manage_crudiator_posts_columns · src\CrudiatorPlugin.php:146
action · manage_crudiator_posts_custom_column · src\CrudiatorPlugin.php:147
filter · post_row_actions · src\CrudiatorPlugin.php:149
action · admin_head-post-new.php · src\CrudiatorPlugin.php:156
action · admin_head-post.php · src\CrudiatorPlugin.php:157
action · admin_notices · src\CrudiatorPlugin.php:233
Maintenance & Trust

Crudiator Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 8, 2025
PHP min version: 7.3
Downloads: 3K

Community Trust

Rating: 94/100
Number of ratings: 6
Active installs: 200
Developer Profile

Crudiator Developer Profile

takafu

1 plugin · 200 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Crudiator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/crudiator/assets/css/crudiator.css
/wp-content/plugins/crudiator/assets/lib/datetimepicker/jquery.datetimepicker.min.css
/wp-content/plugins/crudiator/assets/js/crudiator.js
/wp-content/plugins/crudiator/assets/lib/datetimepicker/jquery.datetimepicker.full.min.js

HTML / DOM Fingerprints

CSS Classes
crudiator_item
crudiator_list
HTML Comments
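<!-- Crudiator -->
<!-- WordPress標準クラスのWP_List_Tableをベースクラスとする為、まだ存在しない場合はここで読み込みます --> (English: "Because the standard WordPress class WP_List_Table is used as the base class, it is loaded here if it does not exist yet")
<!-- 万が一WordPressで定義されているABSPATHが無い場合は何もせずreturnする --> (English: "If the ABSPATH defined by WordPress is somehow missing, return without doing anything")
<!-- このCrudiatorで扱うテーブル --> (English: "The table handled by this Crudiator")
+43 more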
Data Attributes
name="__crudiator_input_names__"
JS Globals
var crudiator_params =
var crudiator_options =
var crudiator_columns =
var crudiator_operators =
FAQ

Frequently Asked Questions about Crudiator