Dictionary Security & Risk Analysis

wordpress.org/plugins/dictionary

This plugin adds a widget that shows a random word and its definition.

10 active installs · v1.0 · PHP + · WP 2.7+ · Updated Jun 25, 2013
dictionary, vocabuary
Score 85 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Dictionary Safe to Use in 2026?

Generally Safe

Score 85/100

Dictionary has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "dictionary" plugin v1.0 exhibits a mixed security posture. On the positive side, the static analysis indicates a very small attack surface with no identified AJAX handlers, REST API routes, shortcodes, or cron events, and crucially, no unprotected entry points. The plugin also exclusively uses prepared statements for its SQL queries, which is a strong security practice.

However, there are significant concerns regarding output escaping, with only 16% of outputs being properly escaped. This leaves the plugin vulnerable to cross-site scripting (XSS) attacks if any of the unescaped outputs are controllable by an attacker. Furthermore, while the taint analysis found no critical or high severity issues, it did reveal three flows with unsanitized paths, which could potentially lead to path traversal vulnerabilities if these paths are user-influenced and not properly validated or sanitized.

The vulnerability history is a significant strength, showing no known CVEs, which suggests a history of secure development or diligent patching. Despite the lack of historical vulnerabilities and a small attack surface, the poor output escaping and presence of unsanitized paths are notable weaknesses that require attention to ensure user data and site integrity are protected.

Key Concerns

  • Poor output escaping (16% proper)
  • Unsanitized paths in taint flows (3 flows)
  • File operations detected (3)
  • No nonce checks on entry points
Vulnerabilities
None known

Dictionary Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Dictionary Release Timeline

v1.0 · Current
Code Analysis
Analyzed Mar 17, 2026

Dictionary Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 31 (6 escaped)
  • Nonce Checks: 0
  • Capability Checks: 1
  • File Operations: 3
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

16% escaped · 37 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

3 flows · 3 with unsanitized paths
<search-word> (search-word.php:0)
Legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized
Attack Surface

Dictionary Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 3
  • action · admin_menu · admin.php:3
  • action · widgets_init · widget.php:188
  • action · init · widget.php:196
Maintenance & Trust

Dictionary Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.5.2
Last updated: Jun 25, 2013
PHP min version
Downloads: 3K

Community Trust

Rating: 60/100
Number of ratings: 1
Active installs: 10
Developer Profile

Dictionary Developer Profile

ajayver

5 plugins · 150 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Dictionary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
  • word-definition
  • word_override
  • refresh_words
  • word-search
Data Attributes
  • data-words_to_show
  • data-word_override
JS Globals
  • refresh_words
REST Endpoints
  • /wp-json/dictionary/v1/show-random
  • /wp-json/dictionary/v1/search-word