Eyes Only Security & Risk Analysis

wordpress.org/plugins/eyes-only-plus

The ultimate tool for publishing your private thoughts in public

60 active installs · v1.0.9 · PHP + WP 5.4+ · Updated Jul 15, 2024
Tags: anonymous, hide, privacy, private, redaction
Score: 92/100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Eyes Only Safe to Use in 2026?

Generally Safe

Score 92/100

Eyes Only has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The 'eyes-only-plus' plugin version 1.0.9 exhibits a generally good security posture, particularly concerning its handling of SQL queries and the absence of critical taint flows. The fact that all SQL queries utilize prepared statements is a significant strength, mitigating a common source of vulnerabilities. The plugin also shows positive signs with the presence of a nonce check and a file operation that is likely controlled within the plugin's logic.

However, there are areas that warrant attention. The relatively low percentage of properly escaped output (44%) suggests a potential risk of Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is directly rendered without adequate sanitization. The absence of capability checks on the single shortcode is also a concern, as it implies that any user, regardless of their role, could potentially execute the shortcode's functionality. While there are no recorded vulnerabilities or critical taint flows, the identified code signals indicate potential weaknesses that could be exploited if not addressed.

In conclusion, 'eyes-only-plus' v1.0.9 has a solid foundation with secure SQL practices and no known historical vulnerabilities. Nevertheless, the lack of capability checks on the shortcode and the significant proportion of unescaped output represent the most immediate risks. Addressing these specific areas would greatly enhance the plugin's overall security.

Key Concerns

  • Low percentage of properly escaped output
  • Shortcode without capability checks
Vulnerabilities
None known

Eyes Only Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Eyes Only Release Timeline

v1.0.9 (Current)
v1.0
Code Analysis
Analyzed Mar 16, 2026

Eyes Only Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 14 (11 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Output Escaping

44% escaped · 25 total outputs
Attack Surface

Eyes Only Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[redact] model.php:134

WordPress Hooks: 7

action admin_menu model.php:82
action admin_enqueue_scripts model.php:83
action admin_enqueue_scripts model.php:88
filter mce_buttons model.php:90
filter mce_external_plugins model.php:91
filter the_content model.php:98
action wp_head model.php:101
Maintenance & Trust

Eyes Only Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Jul 15, 2024
PHP min version
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Eyes Only Developer Profile

Archetyped

4 plugins · 150K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 24 days
Detection Fingerprints

How We Detect Eyes Only

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eyes-only-plus/css/style.css
Script Paths
/wp-content/plugins/eyes-only-plus/js/eop.js
/wp-content/plugins/eyes-only-plus/js/admin.js

HTML / DOM Fingerprints

CSS Classes
redacted
JS Globals
eyes_only_prefix
Shortcode Output
[redact]