Does FriendlyCase have any unpatched vulnerabilities?

No. All known vulnerabilities in FriendlyCase have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is FriendlyCase compatible with WordPress 4.0.38?

According to WordPress.org data, FriendlyCase 1.0.7 has been tested up to WordPress 4.0.38. Check the plugin's changelog for the latest compatibility information.

How often is FriendlyCase updated?

FriendlyCase was last updated on Sep 15, 2014. Frequent updates are generally a positive security signal.

What is FriendlyCase's security score?

FriendlyCase has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

FriendlyCase Security & Risk Analysis

wordpress.org/plugins/friendlycase

Reformat titles from 'ALL CAPS' to 'All Caps' and enable friendly, word capitalization in posts, pages and more.

10 active installs v1.0.7 PHP + WP 3.1+ Updated Sep 15, 2014

friendlycasesentence-casetextstitletitlecase

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is FriendlyCase Safe to Use in 2026?

Generally Safe

Score 85/100

FriendlyCase has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "friendlycase" plugin version 1.0.7 exhibits a strong security posture based on the provided static analysis and vulnerability history. The complete absence of identified attack surface points, dangerous functions, raw SQL queries, file operations, external HTTP requests, and taint flows suggests a well-secured codebase. The presence of 100% prepared statements for SQL queries is a significant positive indicator of safe database interaction.

However, the static analysis reveals a critical weakness: 0% of output escaping is properly implemented. This means that any dynamic data displayed by the plugin, even if not directly exploitable through the analyzed entry points, could potentially lead to cross-site scripting (XSS) vulnerabilities if user-supplied data is reflected directly in the output. The lack of capability checks and nonce checks, while not directly linked to discovered entry points, are generally considered good security practices for WordPress plugins, and their absence leaves room for potential privilege escalation or unauthorized actions if new, unprotected entry points were to be introduced in future versions.

Overall, the plugin's strength lies in its minimal and seemingly secure attack surface and database handling. The primary and significant concern is the complete lack of output escaping, which is a fundamental security requirement. The absence of any historical vulnerabilities is encouraging but should not negate the importance of addressing the identified output escaping issue.

Key Concerns

Output escaping is not implemented

Vulnerabilities

None known

FriendlyCase Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

FriendlyCase Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped3 total outputs

Attack Surface

FriendlyCase Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

filterthe_titlefriendlycase.php:40

actionadmin_initfriendlycase.php:75

actionadmin_menufriendlycase.php:76

Maintenance & Trust

FriendlyCase Maintenance & Trust

Maintenance Signals

WordPress version tested4.0.38

Last updatedSep 15, 2014

PHP min version

Downloads4K

Community Trust

Rating100/100

Number of ratings2

Active installs10

Alternatives

FriendlyCase Alternatives

WP Title Case

wp-title-case

Automatically applied title case rules to WordPress titles. This plugin automatically updates Page and Post titles to follow title casing rules.

90 No CVEs

Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO)

auto-image-attributes-from-filename-with-bulk-updater

100

Automatically add Image Alt Text, Title, Caption and Description from Filename. Bulk update existing images. Great for Image SEO and Accessibility.

100K No CVEs

Title Remover

title-remover

Gives you the ability to hide the title of any post, page or custom post type item without affecting menus or titles in the admin area.

80K No CVEs

Auto Featured Image (Auto Post Thumbnail)

auto-post-thumbnail

Automatically generate, assign, and manage featured images in bulk so every post on your site has a featured image.

50K 6 CVEs

Phoenix Media Rename

phoenix-media-rename

100

The Phoenix Media Rename plugin allows you to easily rename (and retitle) your media files, once uploaded.

50K 1 CVE

Developer Profile

FriendlyCase Developer Profile

kelter

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect FriendlyCase

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

fc_lcfc_ucfc_ig

HTML Comments

Data Attributes

fc-wrapfc-tablefc-rowfc-textarea

FAQ