CycloPress Security & Risk Analysis

wordpress.org/plugins/cyclopress

Track cycling stats from your bike's cyclocomputer and make pretty graphs.

10 active installs · v1.5.1 · PHP + WP 2.5+ · Updated Jan 4, 2010
Tags: bicycle, bike, cycling, cyclocomputer, sports
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is CycloPress Safe to Use in 2026?

Generally Safe

Score 85/100

CycloPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 16yr ago

Risk Assessment

The "cyclopress" v1.5.1 plugin presents a mixed security picture. The scan reports a minimal attack surface, with zero identified entry points and no recorded vulnerabilities, but the static analysis reveals significant underlying concerns. The presence of dangerous functions like 'assert' and 'unserialize' is a major red flag, as these can be exploited to execute arbitrary code or manipulate data if improperly handled. Furthermore, the very low percentage of properly escaped output (1%) indicates a high likelihood of cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into user sessions.

The taint analysis highlights 11 flows with unsanitized paths, with 4 classified as high severity. This strongly suggests that user-supplied input is not being adequately validated or sanitized before being used in sensitive operations, which can lead to various injection attacks. The complete absence of nonce checks and capability checks on any entry points, coupled with the high number of file operations and SQL queries, further exacerbates these risks, making it easier for attackers to perform unauthorized actions or access sensitive data. While the plugin has no known CVEs, the internal code quality issues strongly suggest that vulnerabilities are likely present but not yet publicly disclosed or discovered. This makes the plugin's lack of a vulnerability history less of a strength and more of an unknown risk.

Key Concerns

  • Dangerous functions (assert, unserialize) present
  • Very low output escaping percentage (1%)
  • High severity taint flows found (4)
  • 100% of taint flows have unsanitized paths
  • No nonce checks on entry points
  • No capability checks on entry points
  • High number of file operations (32)
  • Significant number of SQL queries (30)

Vulnerabilities: None known

CycloPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

CycloPress Code Analysis

Dangerous Functions: 18
Raw SQL Queries: 4 (26 prepared)
Unescaped Output: 141 (2 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 32
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function     Code                                           Location
assert       assert($this->idx>0);                          jpgraph-1.26\jpgraph.php:310
assert       assert($aType=="x" || $aType=="y" );           jpgraph-1.26\jpgraph.php:4467
assert       assert($aMin<=$aMax);                          jpgraph-1.26\jpgraph.php:4468
assert       assert($aType=="x");                           jpgraph-1.26\jpgraph_date.php:57
assert       assert($aMin<=$aMax);                          jpgraph-1.26\jpgraph_date.php:58
unserialize  $this->iFlagData = unserialize($rawdata);      jpgraph-1.26\jpgraph_flags.php:279
assert       assert( $this->prect != null ) ;               jpgraph-1.26\jpgraph_plotband.php:560
assert       assert( $this->prect != null ) ;               jpgraph-1.26\jpgraph_plotband.php:591
assert       assert($px > 0 && $py > 0 );                   jpgraph-1.26\jpgraph_radar.php:527
assert       assert($this->idx>0);                          jpgraph-2.2\jpgraph.php:294
assert       assert($aType=="x" || $aType=="y" );           jpgraph-2.2\jpgraph.php:4444
assert       assert($aMin<=$aMax);                          jpgraph-2.2\jpgraph.php:4445
assert       assert($aType=="x");                           jpgraph-2.2\jpgraph_date.php:57
assert       assert($aMin<=$aMax);                          jpgraph-2.2\jpgraph_date.php:58
unserialize  $this->iFlagData = unserialize($rawdata);      jpgraph-2.2\jpgraph_flags.php:277
assert       assert( $this->prect != null ) ;               jpgraph-2.2\jpgraph_plotband.php:557
assert       assert( $this->prect != null ) ;               jpgraph-2.2\jpgraph_plotband.php:592
assert       assert($px > 0 && $py > 0 );                   jpgraph-2.2\jpgraph_radar.php:593

SQL Query Safety

87% prepared · 30 total queries

Output Escaping

1% escaped · 143 total outputs

Data Flows: 11 unsanitized

Data Flow Analysis

11 flows · 11 with unsanitized paths
Flow shown: cy_debug_page (cyclopress.php:1749)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]

Attack Surface

CycloPress Attack Surface

Entry Points: 0
Unprotected: 0

WordPress Hooks: 4
action  wp_head     cyclopress.php:2992
action  admin_head  cyclopress.php:2993
action  admin_menu  cyclopress.php:2994
action  init        cyclopress.php:2997

Maintenance & Trust

CycloPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.9.2
Last updated: Jan 4, 2010
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10

Developer Profile

CycloPress Developer Profile

Andy Whalen

2 plugins · 90 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CycloPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
