WP-Safety

Exodox Security & Risk Analysis

wordpress.org/plugins/exodox

With Exodox you can earn money from your web content, by locking access to selected posts and pages, which readers can unlock with a one-off payment.

60 active installs v1.1.0 PHP 7.4+ WP 5.2+ Updated Jun 10, 2025
exodoxlock-postmicro-paymentsmonetizepaywall
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Exodox Safe to Use in 2026?

Generally Safe

Score 100/100

Exodox has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9mo ago
Risk Assessment

Based on the static analysis, "exodox" v1.1.0 appears to have a strong security posture. The plugin demonstrates good practices by having no identified entry points without authentication, no dangerous functions, and a strong adherence to using prepared statements for all SQL queries. The high percentage of properly escaped output further mitigates risks related to cross-site scripting. The plugin also appears to handle file operations and external HTTP requests in a way that doesn't immediately raise red flags, and the presence of capability checks is a positive indicator.

However, the complete lack of taint analysis flows and the absence of nonce checks are areas for concern. While the static analysis did not find specific unsanitized paths, the lack of taint analysis means potential vulnerabilities in data handling might not have been uncovered. The absence of nonce checks on potential entry points, if any were present, could leave the plugin vulnerable to cross-site request forgery attacks. The vulnerability history being entirely clear is a positive sign, suggesting a lack of past exploitable issues. Overall, the plugin is built with good security principles, but the limited depth of the static analysis, particularly in taint flows and nonce checks, suggests that further manual review might be beneficial to ensure all potential attack vectors are secured.

Key Concerns

  • Lack of nonce checks
  • Zero taint flows analyzed
Vulnerabilities
None known

Exodox Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Exodox Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
7
184 escaped
Nonce Checks
0
Capability Checks
4
File Operations
0
External Requests
4
Bundled Libraries
0

Output Escaping

96% escaped191 total outputs
Attack Surface

Exodox Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 41
actionplugins_loadedadmin\init.php:29
actionwp_enqueue_scriptsadmin\init.php:30
actionadmin_initadmin\settings.php:17
actionadmin_menuadmin\settings.php:18
actionadmin_noticesadmin\settings.php:34
actionrest_api_initapi\rest-api.php:16
filterrest_authentication_errorsapi\rest-api.php:17
actionexodox_render_price_infocore\components\locked-post-page.php:42
actionexodox_render_post_imagecore\components\locked-post-page.php:50
actionexodox_render_action_buttoncore\components\locked-post-page.php:54
actionexodox_render_top_messagecore\components\locked-post-page.php:60
actionexodox_render_report_abusecore\components\locked-post-page.php:69
actionexodox_render_shortcutscore\components\locked-post-page.php:87
actionexodox_render_bottom_messagecore\components\locked-post-page.php:102
filterthe_content_feedcore\locks\feeds.php:12
filterloop_startcore\locks\loops.php:20
filterthe_postcore\locks\loops.php:21
filterthe_postscore\locks\loops.php:27
filterthe_postscore\locks\posts.php:31
filterthe_titlecore\locks\posts.php:32
actionexodox_render_price_infocore\locks\posts.php:165
actionexodox_render_post_imagecore\locks\posts.php:173
actionexodox_render_action_buttoncore\locks\posts.php:177
actionexodox_render_top_messagecore\locks\posts.php:183
actionexodox_render_report_abusecore\locks\posts.php:191
actionexodox_render_shortcutscore\locks\posts.php:196
actionexodox_render_bottom_messagecore\locks\posts.php:228
filtertemplate_includecore\locks\template-redirect.php:22
actionexodox_render_locked_headercore\locks\template-redirect.php:48
actionexodox_render_locked_post_pagecore\locks\template-redirect.php:49
actionexodox_render_locked_footercore\locks\template-redirect.php:50
actioninitcore\redirects.php:22
filterallowed_redirect_hostscore\redirects.php:25
actionwp_logoutcore\user\cookies.php:22
filterhome_urlcore\user\cookies.php:91
filterpost_linkcore\user\cookies.php:92
filterpage_linkcore\user\cookies.php:93
filterattachment_linkcore\user\cookies.php:94
filterpost_type_linkcore\user\cookies.php:95
filterscript_loader_tagjs\js-frontend.php:36
actionadmin_bar_menulog\logger.php:16
Maintenance & Trust

Exodox Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 10, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs60
Alternatives

Exodox Alternatives

Fluid

Fluid

fluid

A
85

WordPress Integration for Fluid.us mircopayment Fluid is a new revenue partner for publishers. Capture revenues beyond advertising and traditional pay …

10 No CVEs
PREMIUUM Content Monetization

PREMIUUM Content Monetization

premiuum-content-monetization

A
85

Revenue-per-Link™ content monetization. PREMIUUM makes it easy to sell articles, music, videos, files & links via subscriptions and/or micropayments.

0 No CVEs
AdRotate Banner Manager

AdRotate Banner Manager

adrotate

A
88

Easily manage, and schedule ads on your WordPress site with AdRotate. Support for Google AdSense, Amazon, and custom banners. Start monetizing today!

20K 9 CVEs
Quads Ads Manager for Google AdSense

Quads Ads Manager for Google AdSense

quick-adsense-reloaded

A
93

Ads & AdSense plugin supporting Media.net, DFP, ads.txt, Web Stories ads, click fraud protection, revenue sharing, and ad blocker detection.

20K 4 CVEs
HBAgency

HBAgency

hbagency

A
92

Effortlessly integrate HBAgency on your website with our official plugin. Insert ads.txt, manage placements, and integrate our script seamlessly.

9K No CVEs
Developer Profile

Exodox Developer Profile

Exodox

1 plugin · 60 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Exodox

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/exodox/admin/assets/css/style.css/wp-content/plugins/exodox/admin/assets/js/admin.js/wp-content/plugins/exodox/admin/assets/img/logo.png/wp-content/plugins/exodox/admin/assets/js/vendor/jquery-3.6.0.min.js/wp-content/plugins/exodox/admin/assets/js/vendor/bootstrap.bundle.min.js/wp-content/plugins/exodox/admin/assets/js/vendor/font-awesome.js
Script Paths
/wp-content/plugins/exodox/admin/assets/js/admin.js/wp-content/plugins/exodox/admin/assets/js/vendor/jquery-3.6.0.min.js/wp-content/plugins/exodox/admin/assets/js/vendor/bootstrap.bundle.min.js/wp-content/plugins/exodox/admin/assets/js/vendor/font-awesome.js
Version Parameters
exodox/admin/assets/css/style.css?ver=exodox/admin/assets/js/admin.js?ver=exodox/admin/assets/js/vendor/jquery-3.6.0.min.js?ver=exodox/admin/assets/js/vendor/bootstrap.bundle.min.js?ver=exodox/admin/assets/js/vendor/font-awesome.js?ver=

HTML / DOM Fingerprints

CSS Classes
exodox-lock-wrapperexodox-lock-contentexodox-login-formexodox-login-fieldexodox-buttonexodox-overlayexodox-modalexodox-modal-content+1 more
HTML Comments
<!-- begin exodox lock --><!-- end exodox lock --><!-- exodox: render -->
Data Attributes
data-exodox-lock-iddata-exodox-target-url
JS Globals
ExodoxFrontendexodoxConfig
REST Endpoints
/wp-json/exodox/v1/lock/wp-json/exodox/v1/unlock/wp-json/exodox/v1/settings
Shortcode Output
[exodox_content_lock][exodox_login_form]
FAQ

Frequently Asked Questions about Exodox