Enstract SEO Security & Risk Analysis

wordpress.org/plugins/enstract-seo

Enstract SEO is the best tool to extract entities from your post or pages using Google’s Natural Language Processing.

0 active installs · v1.0 · PHP 7.2+ · WP 5.2+ · Updated Dec 1, 2021
enstract · php · seo · theme · themes
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Enstract SEO Safe to Use in 2026?

Generally Safe

Score 85/100

Enstract SEO has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4yr ago
Risk Assessment

The 'enstract-seo' v1.0 plugin presents a significant security risk primarily due to its unprotected REST API endpoints. While the static analysis shows no dangerous functions, all SQL queries use prepared statements, and output is properly escaped, the absence of any permission callbacks on its 10 REST API routes creates a wide attack surface. This means any unauthenticated user could potentially interact with these endpoints, leading to unintended consequences or further exploitation if the endpoints perform sensitive actions or expose information. The lack of nonces and capability checks on these entry points exacerbates this issue.

The plugin's vulnerability history is clean, with no recorded CVEs, which is a positive indicator. However, this lack of history, combined with the current identified weaknesses, suggests a plugin that may not have undergone extensive security scrutiny or one where potential vulnerabilities have yet to be discovered. The bundling of Guzzle is noted, but without version information, its security posture is unknown.

The overall security posture is concerning due to the large number of unprotected entry points, outweighing the positive indicators of secure coding practices in other areas.

Key Concerns

  • REST API routes without permission callbacks
  • AJAX handlers without auth checks
  • No nonce checks
  • No capability checks
  • Bundled library (Guzzle) without version info
Vulnerabilities
None known

Enstract SEO Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Enstract SEO Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

Enstract SEO Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (6 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Guzzle

Output Escaping

100% escaped · 6 total outputs
Attack Surface
10 unprotected

Enstract SEO Attack Surface

Entry Points: 10
Unprotected: 10

REST API Routes: 10

POST /wp-json/enstract/v1/fetch/entites · app/Controllers/Core/WordpressRest/WordpressRest.php:63
POST /wp-json/enstract/v1/enstract/add/entity · app/Controllers/Core/WordpressRest/WordpressRest.php:68
POST /wp-json/enstract/v1/logout · app/Controllers/Core/WordpressRest/WordpressRest.php:73
GET /wp-json/enstract/v1/checkauth · app/Controllers/Core/WordpressRest/WordpressRest.php:78
POST /wp-json/enstract/v1/updatetoken · app/Controllers/Core/WordpressRest/WordpressRest.php:83
POST /wp-json/enstract/v1/enstract · app/Controllers/Core/WordpressRest/WordpressRest.php:88
POST /wp-json/enstract/v1/enstract/sort/entities · app/Controllers/Core/WordpressRest/WordpressRest.php:93
POST /wp-json/enstract/v1/enstract/entities/slugs · app/Controllers/Core/WordpressRest/WordpressRest.php:98
POST /wp-json/enstract/v1/enstract/entities/update · app/Controllers/Core/WordpressRest/WordpressRest.php:103
POST /wp-json/enstract/v1/enstract/entities/delete · app/Controllers/Core/WordpressRest/WordpressRest.php:108

WordPress Hooks: 10

action admin_enqueue_scripts · app/Controllers/Core/Enqueue/Enqueue.php:10
action admin_enqueue_scripts · app/Controllers/Core/Enqueue/Enqueue.php:29
action admin_enqueue_scripts · app/Controllers/Core/Enqueue/Enqueue.php:49
action rest_api_init · app/Controllers/Core/WordpressRest/WordpressRest.php:11
action add_meta_boxes · app/Controllers/Enstract/Sidebar/Sidebar.php:12
action admin_menu · enstract-seo.php:26
action wp_trash_post · enstract-seo.php:27
action init · enstract-seo.php:28
filter taxonomy_template · enstract-seo.php:109
filter the_content · enstract-seo.php:114

Maintenance & Trust

Enstract SEO Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.8.13
Last updated: Dec 1, 2021
PHP min version: 7.2
Downloads: 884

Community Trust

Rating: 40/100
Number of ratings: 1
Active installs: 0

Developer Profile

Enstract SEO Developer Profile

Adapt Digital Ltd

1 plugin · 0 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Enstract SEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/enstract-seo/assets/css/global-admin.css
/wp-content/plugins/enstract-seo/assets/css/enstract-admin.css
/wp-content/plugins/enstract-seo/dist/js/admin.bundle.js
/wp-content/plugins/enstract-seo/assets/css/all.min.css
/wp-content/plugins/enstract-seo/assets/css/vue-select.css
/wp-content/plugins/enstract-seo/assets/css/google-fonts.css
/wp-content/plugins/enstract-seo/assets/js/enstract.js
/wp-content/plugins/enstract-seo/dist/js/enstract.bundle.js
+1 more

Script Paths
/wp-content/plugins/enstract-seo/dist/js/admin.bundle.js
/wp-content/plugins/enstract-seo/dist/js/enstract.bundle.js

Version Parameters
enstract-seo/assets/css/global-admin.css?ver=
enstract-seo/assets/css/enstract-admin.css?ver=
enstract-seo/dist/js/admin.bundle.js?ver=
enstract-seo/assets/css/all.min.css?ver=
enstract-seo/assets/css/vue-select.css?ver=
enstract-seo/assets/css/google-fonts.css?ver=
enstract-seo/assets/js/enstract.js?ver=
enstract-seo/dist/js/enstract.bundle.js?ver=
enstract-seo/assets/css/font-awesome.css?ver=

HTML / DOM Fingerprints

CSS Classes
enstract-sidebar
Data Attributes
data-v-app
JS Globals
wpApiSettings
rest_options
REST Endpoints
/wp-json/enstract/v1/update-token
/wp-json/enstract/v1/fetch-entities
/wp-json/enstract/v1/store-entity
/wp-json/enstract/v1/enstract
/wp-json/enstract/v1/sort-entities
/wp-json/enstract/v1/get-categories
/wp-json/enstract/v1/get-entity-taxonomy
/wp-json/enstract/v1/check-auth
/wp-json/enstract/v1/logout
Shortcode Output
<p style="text-align:center;"><a href="https://www.bluearray.co.uk/enstract/" target="_blank">Entity Extraction by Blue Array’s ‘Enstract’ Plugin</a></p>