Fulcrum Wiki Security & Risk Analysis

wordpress.org/plugins/fulcrum

Capture knowledge. Find information faster. Share your ideas with others. Save projects, meeting notes and marketing plans in WordPress.

0 active installs · v1.0.7 · PHP 7.4+ · WP 5.0+ · Updated: Unknown
Tags: confluence, intranet, knowledge-management, notion, wiki
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Fulcrum Wiki Safe to Use in 2026?

Generally Safe

Score 100/100

Fulcrum Wiki has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The Fulcrum plugin v1.0.7 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and avoids the use of dangerous functions. There is also a clean vulnerability history with no recorded CVEs, suggesting a generally stable and well-maintained codebase. However, significant security concerns are present due to the lack of proper authentication and authorization checks on its entry points.

The static analysis reveals one AJAX handler that lacks authentication, presenting a direct attack vector. Furthermore, the absence of nonce checks and capability checks across the plugin's code significantly increases its vulnerability to various attacks, including Cross-Site Request Forgery (CSRF) and unauthorized privilege escalation. While taint analysis did not reveal any immediate exploitable flows, this is likely due to the limited scope of analysis or the plugin's simplicity, and does not negate the risks posed by the unauthenticated entry points.

In conclusion, while the plugin avoids some common pitfalls like raw SQL queries and outdated bundled libraries, the unauthenticated AJAX handler is a critical weakness that demands immediate attention. The lack of comprehensive security checks on its entry points creates a substantial risk for WordPress sites using this plugin. Remediation should focus on implementing robust authentication and authorization mechanisms for all interactive functionalities.

Key Concerns

  • Unprotected AJAX handler
  • Missing nonce checks
  • Missing capability checks
  • Low percentage of properly escaped output
Vulnerabilities
None known

Fulcrum Wiki Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Fulcrum Wiki Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (8 prepared)
Unescaped Output: 16 (12 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 13
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 8 total queries

Output Escaping

43% escaped · 28 total outputs
Attack Surface
1 unprotected

Fulcrum Wiki Attack Surface

Entry Points: 1
Unprotected: 1

AJAX Handlers: 1

  • auth · wp_ajax_fulc_admin_ajax_request · includes\Core.php:153

WordPress Hooks: 19

  • action · shutdown · fulcrum.php:106
  • action · plugins_loaded · includes\Core.php:134
  • action · admin_enqueue_scripts · includes\Core.php:148
  • action · admin_enqueue_scripts · includes\Core.php:149
  • action · admin_menu · includes\Core.php:151
  • filter · theme_page_templates · includes\Core.php:156
  • filter · display_post_states · includes\Core.php:159
  • action · admin_init · includes\Core.php:162
  • action · wp_enqueue_scripts · includes\Core.php:178
  • action · wp_enqueue_scripts · includes\Core.php:179
  • filter · template_include · includes\Core.php:181
  • filter · script_loader_tag · includes\Core.php:182
  • action · init · includes\Core.php:184
  • action · generate_rewrite_rules · includes\Core.php:185
  • action · init · includes\Core.php:187
  • action · init · includes\Core.php:188
  • action · init · includes\Core.php:189
  • action · rest_api_init · includes\Core.php:190
  • action · rest_insert_wikipage · includes\Core.php:191
Maintenance & Trust

Fulcrum Wiki Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Unknown
PHP min version: 7.4
Downloads: 952

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Fulcrum Wiki Developer Profile

rockiger

2 plugins · 3K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Fulcrum Wiki

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/fulcrum/admin/css/reactpress-admin.css
  • /wp-content/plugins/fulcrum/admin/js/reactpress-admin.js
  • /wp-content/plugins/fulcrum/admin/js/reactpress-admin/build/

Script Paths

  • /wp-content/plugins/fulcrum/admin/js/reactpress-admin.js

Version Parameters

  • fulcrum/admin/css/reactpress-admin.css?ver=
  • fulcrum/admin/js/reactpress-admin.js?ver=

HTML / DOM Fingerprints

JS Globals: rp
FAQ

Frequently Asked Questions about Fulcrum Wiki