RockPress Security & Risk Analysis

wordpress.org/plugins/ft-rockpress

Introducing the easiest way to display information from Rock RMS on your church WordPress site.

10 active installs · v1.0.18 · PHP 8.0+ · WP 4.3+ · Updated Mar 7, 2026
Tags: chms, church, rock-rms, rockrms
Score: 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Mar 19, 2026
Safety Verdict

Is RockPress Safe to Use in 2026?

Generally Safe

Score 99/100

RockPress has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Mar 19, 2026 · Updated 27d ago
Risk Assessment

The "ft-rockpress" v1.0.18 plugin exhibits a mixed security posture. While it scores well in terms of the absence of recorded CVEs and critical taint analysis findings, several concerning aspects emerge from the static analysis. A significant portion of its attack surface, specifically 6 out of 7 AJAX handlers, lacks proper authentication checks, presenting a substantial risk of unauthorized access and potential exploitation of underlying functionalities. The presence of SQL queries that are not prepared is another weakness, increasing the susceptibility to SQL injection attacks.

Despite these concerns, the plugin demonstrates good practices in output escaping, with 89% of outputs properly handled. The lack of known vulnerabilities in its history suggests a generally well-maintained codebase or a lack of past discovery. However, the identified unprotected AJAX endpoints are a critical area that needs immediate attention, as they represent readily accessible entry points for attackers. The plugin's strengths lie in its lack of critical static analysis issues beyond the AJAX handlers and its good output escaping. The weaknesses are primarily the unprotected AJAX endpoints and the use of raw SQL queries, which, if exploited, could lead to severe security breaches.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries not using prepared statements
Vulnerabilities: 1

RockPress Security Vulnerabilities

CVEs by Year

1 CVE in 2026

Severity Breakdown

Medium: 1

1 total CVE

CVE-2026-3550 · medium · 5.3 · Missing Authorization

RockPress <= 1.0.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via AJAX Actions

Mar 19, 2026 · Patched in 1.0.18 (1d)
Code Analysis
Analyzed Mar 17, 2026

RockPress Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 29 (224 escaped)
Nonce Checks: 7
Capability Checks: 7
File Operations: 0
External Requests: 5
Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared · 1 total queries

Output Escaping

89% escaped · 253 total outputs
Attack Surface
6 unprotected

RockPress Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers 7

auth · wp_ajax_rockpress_check_services · includes\admin\admin-ajax.php:25
auth · wp_ajax_rockpress_shortcode · includes\admin\shortcodes\class-shortcode-button.php:40
nopriv · wp_ajax_rockpress_shortcode · includes\admin\shortcodes\class-shortcode-button.php:41
auth · wp_ajax_rockpress_import · includes\class-rockpress-import.php:31
auth · wp_ajax_rockpress_import_status · includes\class-rockpress-import.php:32
auth · wp_ajax_rockpress_last_import · includes\class-rockpress-import.php:33
auth · wp_ajax_rockpress_reset_import · includes\class-rockpress-import.php:34

WordPress Hooks 41

action · wp_enqueue_scripts · ft-rockpress.php:203
action · plugins_loaded · ft-rockpress.php:204
filter · rockpress_settings_page_tabs · includes\admin\admin-page-tabs.php:25
filter · rockpress_settings_page_tabs · includes\admin\admin-page-tabs.php:26
filter · rockpress_settings_page_actions · includes\admin\admin-page-tabs.php:27
action · admin_menu · includes\admin\admin-pages.php:25
action · admin_enqueue_scripts · includes\admin\admin-scripts.php:25
action · admin_print_styles · includes\admin\admin-styles.php:25
action · admin_init · includes\admin\settings\settings-import.php:25
action · admin_init · includes\admin\settings\settings-licenses.php:25
action · admin_init · includes\admin\settings\settings-rock.php:25
filter · rockpress_settings_help_tabs · includes\admin\settings\settings-rock.php:26
action · admin_init · includes\admin\settings\settings-rockpress.php:25
filter · mce_external_plugins · includes\admin\shortcodes\class-shortcode-button.php:35
action · admin_enqueue_scripts · includes\admin\shortcodes\class-shortcode-button.php:36
action · admin_enqueue_scripts · includes\admin\shortcodes\class-shortcode-button.php:37
action · media_buttons · includes\admin\shortcodes\class-shortcode-button.php:38
action · admin_init · includes\admin\shortcodes\class-shortcode-generator.php:70
filter · rockpress_rest_controllers · includes\class-rockpress-addon.php:89
filter · rockpress_support_topics · includes\class-rockpress-addon.php:90
filter · rockpress_import_jobs · includes\class-rockpress-addon.php:91
filter · rockpress_uninstall_settings · includes\class-rockpress-addon.php:92
filter · rockpress_enable_beacon · includes\class-rockpress-addon.php:131
filter · block_categories_all · includes\class-rockpress-blocks.php:30
filter · block_categories · includes\class-rockpress-blocks.php:32
action · customize_register · includes\class-rockpress-customizer.php:33
action · wp_footer · includes\class-rockpress-customizer.php:34
action · rockpress_maintenance · includes\class-rockpress-import.php:27
action · rockpress_import_job_queued · includes\class-rockpress-import.php:28
action · rockpress_import_jobs_dispatched · includes\class-rockpress-import.php:29
action · rockpress_background_get_complete · includes\class-rockpress-import.php:30
filter · rockpress_license_keys · includes\class-rockpress-licenses.php:129
action · admin_init · includes\class-rockpress-licenses.php:132
action · admin_init · includes\class-rockpress-licenses.php:135
action · admin_init · includes\class-rockpress-licenses.php:138
filter · rockpress_settings_page_tabs · includes\class-rockpress-options.php:51
filter · rockpress_settings_page_actions · includes\class-rockpress-options.php:52
action · rockpress_schedule_get · includes\class-rockpress-rest-api.php:377
action · rockpress_transient_cache_cleanup · includes\class-rockpress-transients.php:39
action · widgets_init · includes\widgets\widget-campus-selector.php:166
action · widgets_init · includes\widgets\widget-service-times.php:197

Scheduled Events 2

rockpress_maintenance
rockpress_transient_cache_cleanup
Maintenance & Trust

RockPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version: 8.0
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

RockPress Developer Profile

FireTree Design

3 plugins · 310 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 days
Detection Fingerprints

How We Detect RockPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ft-rockpress/assets/css/display.css
Version Parameters
rockpress/assets/css/display.css?ver=
