Faust.js Security & Risk Analysis

wordpress.org/plugins/faustwp

Faust.js™ transforms your traditional WordPress installation into a flexible headless CMS.

1K active installs · v1.8.0 · PHP 7.4+ · WP 5.7+ · Updated Mar 3, 2025
Tags: composable-architecture, decoupled, faust, faustjs, headless
92
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Faust.js Safe to Use in 2026?

Generally Safe

Score 92/100

Faust.js has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The plugin 'faustwp' v1.8.0 exhibits a concerning security posture due to a significant number of unprotected entry points, specifically 8 REST API routes without permission callbacks. While the code demonstrates good practices in other areas, such as the absence of dangerous functions, 100% use of prepared statements for SQL queries, and a high rate of output escaping (98%), the unprotected REST API routes present a substantial attack surface. The lack of taint analysis data is noted, but the existing static analysis findings are sufficient to highlight critical areas of concern. The plugin has no recorded vulnerability history, which is a positive indicator, but this cannot outweigh the immediate risks posed by its current architecture.

Despite the excellent handling of SQL queries and output escaping, the plugin's security is significantly undermined by its lack of authentication on all identified REST API endpoints. This means any unauthenticated user could potentially interact with these routes, leading to unintended actions or information disclosure depending on the functionality implemented within them. The absence of any recorded vulnerabilities in its history is a positive signal, suggesting a potential for responsible development practices. However, the current state of the exposed REST API routes demands immediate attention to mitigate the risk of exploitation. The plugin has strengths in its internal code handling but a critical weakness in its external access control.

Key Concerns

  • Unprotected REST API routes
Vulnerabilities
None known

Faust.js Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Faust.js Release Timeline

v1.8.0 (Current)
v1.4.1
v1.3.2
v1.3.1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v0.8.7
v0.8.6
v0.8.5
Code Analysis
Analyzed Mar 16, 2026

Faust.js Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (39 escaped)
Nonce Checks: 4
Capability Checks: 5
File Operations: 3
External Requests: 1
Bundled Libraries: 0

Output Escaping

98% escaped · 40 total outputs
Attack Surface
8 unprotected

Faust.js Attack Surface

Entry Points: 8
Unprotected: 8

REST API Routes: 8

POST /wp-json/faustwp/v1/blockset (includes\rest\callbacks.php:83)
POST /wp-json/faustwp/v1/telemetry/decision (includes\rest\callbacks.php:93)
POST /wp-json/faustwp/v1/telemetry (includes\rest\callbacks.php:103)
POST /wp-json/faustwp/v1/authorize (includes\rest\callbacks.php:113)
POST /wp-json/faustwp/v1/process_telemetry (includes\rest\callbacks.php:123)
POST /wp-json/faustwp/v1/validate_secret_key (includes\rest\callbacks.php:133)
POST /wp-json/faustwp/v1/validate_public_wordpress_url (includes\rest\callbacks.php:143)
POST /wp-json/wpac/v1/authorize (includes\rest\callbacks.php:158)

WordPress Hooks: 51

action admin_notices (faustwp.php:43)
action admin_menu (includes\admin-menus\callbacks.php:16)
action wp_before_admin_bar_render (includes\admin-menus\callbacks.php:65)
action current_screen (includes\admin-menus\callbacks.php:89)
action parse_request (includes\auth\callbacks.php:16)
filter allowed_redirect_hosts (includes\auth\callbacks.php:57)
action init (includes\blocks\callbacks.php:14)
filter style_loader_src (includes\blocks\callbacks.php:87)
filter script_loader_src (includes\blocks\callbacks.php:88)
action template_redirect (includes\deny-public-access\callbacks.php:19)
action admin_notices (includes\detect-conflicts\callbacks.php:43)
action admin_footer (includes\detect-conflicts\callbacks.php:92)
action graphql_register_types (includes\graphql\callbacks.php:19)
filter graphql_get_setting_section_field_value (includes\graphql\callbacks.php:48)
action graphql_register_types (includes\graphql\callbacks.php:77)
action graphql_register_types (includes\graphql\callbacks.php:105)
action graphql_register_types (includes\graphql\callbacks.php:240)
action graphql_register_types (includes\graphql\callbacks.php:308)
action after_setup_theme (includes\menus\callbacks.php:16)
action after_setup_theme (includes\menus\callbacks.php:36)
filter the_content (includes\replacement\callbacks.php:27)
filter wpgraphql_content_blocks_resolver_content (includes\replacement\callbacks.php:28)
filter wp_calculate_image_srcset (includes\replacement\callbacks.php:89)
filter preview_post_link (includes\replacement\callbacks.php:142)
filter post_link (includes\replacement\callbacks.php:234)
filter page_link (includes\replacement\callbacks.php:235)
filter post_type_link (includes\replacement\callbacks.php:236)
filter term_link (includes\replacement\callbacks.php:287)
action enqueue_block_editor_assets (includes\replacement\callbacks.php:306)
filter rest_api_init (includes\replacement\callbacks.php:324)
filter wp_sitemaps_posts_entry (includes\replacement\callbacks.php:357)
filter wp_sitemaps_taxonomies_entry (includes\replacement\callbacks.php:367)
filter wpseo_xml_sitemap_post_url (includes\replacement\callbacks.php:377)
filter determine_current_user (includes\rest\callbacks.php:35)
action rest_api_init (includes\rest\callbacks.php:70)
action admin_notices (includes\settings\callbacks.php:19)
action admin_menu (includes\settings\callbacks.php:57)
action admin_init (includes\settings\callbacks.php:79)
action admin_init (includes\settings\callbacks.php:94)
action admin_init (includes\settings\callbacks.php:114)
filter sanitize_option_faustwp_settings (includes\settings\callbacks.php:179)
action load-settings_page_faustwp-settings (includes\settings\callbacks.php:274)
action load-settings_page_faustwp-settings (includes\settings\callbacks.php:483)
action admin_enqueue_scripts (includes\settings\callbacks.php:493)
filter plugin_action_links_faustwp/faustwp.php (includes\settings\callbacks.php:539)
filter faustwp_get_setting (includes\settings\callbacks.php:555)
action admin_notices (includes\telemetry\callbacks.php:13)
action admin_enqueue_scripts (includes\telemetry\callbacks.php:77)
action plugins_loaded (includes\updates\upgrade-database.php:10)
action wp_initialize_site (includes\utilities\callbacks.php:80)
action init (includes\utilities\callbacks.php:96)
Maintenance & Trust

Faust.js Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Mar 3, 2025
PHP min version: 7.4
Downloads: 65K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 1K
Developer Profile

Faust.js Developer Profile

WP Engine

16 plugins · 3.5M total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 831 days
Detection Fingerprints

How We Detect Faust.js

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/faustwp/includes/blocks/css/styles.css
/wp-content/plugins/faustwp/includes/settings/css/main.css
/wp-content/plugins/faustwp/includes/settings/css/fields.css

Script Paths
/wp-content/plugins/faustwp/includes/blocks/js/editor.js
/wp-content/plugins/faustwp/includes/settings/js/main.js
/wp-content/plugins/faustwp/includes/settings/js/fields.js
/wp-content/plugins/faustwp/assets/js/auth.js
/wp-content/plugins/faustwp/assets/js/faustwp-admin-menu.js
/wp-content/plugins/faustwp/assets/js/main.js

Version Parameters
faustwp/includes/blocks/css/styles.css?ver=
faustwp/includes/settings/css/main.css?ver=
faustwp/includes/settings/css/fields.css?ver=
faustwp/includes/blocks/js/editor.js?ver=
faustwp/includes/settings/js/main.js?ver=
faustwp/includes/settings/js/fields.js?ver=
faustwp/assets/js/auth.js?ver=
faustwp/assets/js/faustwp-admin-menu.js?ver=
faustwp/assets/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
faustwp-menu-page
Data Attributes
data-faustwp-admin-menu
JS Globals
FaustWPAuth
FaustWPAdminMenu