Feature Request & Idea Collector Security & Risk Analysis

wordpress.org/plugins/feature-request

Advanced Feature request and suggestion submitter with voting system for WordPress.

30 active installs v1.3.1 PHP + WP 4.4+ Updated May 6, 2017
Tags: feature-request, idea-suggestion, suggestion-system
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Feature Request & Idea Collector Safe to Use in 2026?

Generally Safe

Score 85/100

Feature Request & Idea Collector has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9yr ago
Risk Assessment

The "feature-request" plugin version 1.3.1 exhibits a mixed security posture. On the positive side, it has a clean vulnerability history with no known CVEs, and the taint analysis revealed no critical or high-severity issues. The majority of SQL queries utilize prepared statements, and there are a reasonable number of capability checks and nonce checks present.

However, the plugin does present several areas of concern. A significant portion of the attack surface, specifically 2 out of 14 entry points, consists of unprotected AJAX handlers. This is a notable risk, as these handlers could be reached by unauthenticated users. Furthermore, the presence of dangerous functions like `create_function` and `unserialize` raises red flags, as these can be vectors for code injection or deserialization vulnerabilities if not handled with extreme care and proper input validation. The relatively low percentage of properly escaped output (47%) also indicates a risk of Cross-Site Scripting (XSS) vulnerabilities.

In conclusion, while the plugin benefits from a lack of historical vulnerabilities, the static analysis reveals specific weaknesses that warrant attention. The unprotected AJAX endpoints and the use of dangerous functions are the most pressing issues. The low rate of proper output escaping also contributes to the overall risk profile. Addressing these points would significantly improve the plugin's security.

Key Concerns

  • Unprotected AJAX handlers found
  • Use of dangerous function: unserialize
  • Use of dangerous function: create_function
  • Low percentage of properly escaped output
  • SQL queries with potential issues (25% not prepared)
Vulnerabilities
None known

Feature Request & Idea Collector Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Feature Request & Idea Collector Release Timeline

v1.3.1 (Current)
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.7
Code Analysis
Analyzed Mar 16, 2026

Feature Request & Idea Collector Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 5 (15 prepared)
Unescaped Output: 60 (54 escaped)
Nonce Checks: 6
Capability Checks: 7
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

create_function: `$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');` (admin\includes\class-avfr-settings-api.php:107)
unserialize: `$profile = unserialize( $str );` (public\includes\avfr-functions.php:804)

SQL Query Safety

75% prepared (20 total queries)

Output Escaping

47% escaped (114 total outputs)
Data Flows · Security
All sanitized

Data Flow Analysis

5 flows
avfr_has_vote_flag (includes\class-avfr-db.php:185)
Attack Surface
2 unprotected

Feature Request & Idea Collector Attack Surface

Entry Points: 14
Unprotected: 2

AJAX Handlers 12

auth · wp_ajax_avfr_reset · admin\includes\class-avfr-settings.php:28
auth · wp_ajax_process_entry · includes\class-avfr-entry.php:17
auth · wp_ajax_my_action · includes\class-avfr-entry.php:18
nopriv · wp_ajax_process_entry · includes\class-avfr-entry.php:20
nopriv · wp_ajax_my_action · includes\class-avfr-entry.php:21
auth · wp_ajax_process_change_status · includes\class-avfr-status.php:18
auth · wp_ajax_avfr_vote · includes\class-avfr-votes.php:16
auth · wp_ajax_avfr_add_flag · includes\class-avfr-votes.php:17
auth · wp_ajax_avfr_calc_remaining_votes · includes\class-avfr-votes.php:18
nopriv · wp_ajax_avfr_vote · includes\class-avfr-votes.php:19
nopriv · wp_ajax_avfr_calc_remaining_votes · includes\class-avfr-votes.php:20
nopriv · wp_ajax_avfr_add_flag · includes\class-avfr-votes.php:21

Shortcodes 2

[feature_request] public\includes\class-avfr-shortcodes.php:20
[feature_request_user_votes] public\includes\class-avfr-shortcodes.php:21
WordPress Hooks 27
filter · manage_avfr_posts_columns · admin\includes\class-avfr-columns.php:16
action · manage_avfr_posts_custom_column · admin\includes\class-avfr-columns.php:17
action · add_meta_boxes · admin\includes\class-avfr-meta.php:16
action · save_post · admin\includes\class-avfr-meta.php:17
action · admin_enqueue_scripts · admin\includes\class-avfr-settings-api.php:30
action · admin_init · admin\includes\class-avfr-settings.php:25
action · admin_menu · admin\includes\class-avfr-settings.php:26
action · admin_head · admin\includes\class-avfr-settings.php:27
action · groups_edit_form_fields · admin\includes\class-avfr-settings.php:494
action · groups_add_form_fields · admin\includes\class-avfr-settings.php:495
action · edited_groups · admin\includes\class-avfr-settings.php:515
action · create_groups · admin\includes\class-avfr-settings.php:516
action · plugins_loaded · feature-request.php:38
action · plugins_loaded · feature-request.php:42
action · avfr_entry_submitted · includes\class-avfr-entry.php:19
action · init · includes\class-avfr-post-type.php:17
action · avfr_add_vote · includes\class-avfr-status.php:17
action · avfr_status · includes\class-avfr-status.php:19
action · plugins_loaded · includes\class-avfr-upgrade.php:19
action · init · includes\class-avfr-upgrade.php:20
filter · wpmu_drop_tables · includes\class-axiom-table.php:122
action · wpmu_new_blog · public\class-feature-request.php:38
action · init · public\class-feature-request.php:51
filter · query_vars · public\includes\avfr-functions.php:151
action · pre_get_posts · public\includes\avfr-functions.php:207
action · wp_enqueue_scripts · public\includes\class-avfr-assets.php:9
filter · template_include · public\includes\class-avfr-template.php:17
Maintenance & Trust

Feature Request & Idea Collector Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.33
Last updated: May 6, 2017
PHP min version:
Downloads: 7K

Community Trust

Rating: 56/100
Number of ratings: 10
Active installs: 30
Developer Profile

Feature Request & Idea Collector Developer Profile

averta

6 plugins · 310K total installs

Trust score: 62
Avg Security Score: 76/100
Avg Patch Time: 252 days
Detection Fingerprints

How We Detect Feature Request & Idea Collector

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/feature-request/public/css/feature-request.css
/wp-content/plugins/feature-request/public/js/feature-request.js
Script Paths
/wp-content/plugins/feature-request/public/js/feature-request.js
Version Parameters
feature-request/public/css/feature-request.css?ver=
feature-request/public/js/feature-request.js?ver=

HTML / DOM Fingerprints

CSS Classes
feature-request-wrapper
feature-request-form
feature-request-submit-button
HTML Comments
<!-- Feature Request Form -->
<!-- End Feature Request Form -->
Data Attributes
data-feature-request-id
data-feature-request-nonce
JS Globals
featureRequest
AVFR_AJAX_URL
REST Endpoints
/wp-json/feature-request/v1/submit
/wp-json/feature-request/v1/vote
Shortcode Output
[feature_request_form]
[feature_request_list]
FAQ

Frequently Asked Questions about Feature Request & Idea Collector