Does f(x) SSL have any unpatched vulnerabilities?

No. All known vulnerabilities in f(x) SSL have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is f(x) SSL compatible with WordPress 4.7.32?

According to WordPress.org data, f(x) SSL 1.1.0 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is f(x) SSL updated?

f(x) SSL was last updated on Aug 1, 2016. Frequent updates are generally a positive security signal.

What is f(x) SSL's security score?

f(x) SSL has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

f(x) SSL Security & Risk Analysis

wordpress.org/plugins/fx-ssl

Simple SSL(HTTPS) Plugin.

40 active installs v1.1.0 PHP + WP 4.0+ Updated Aug 1, 2016

members-onlyprivate-siteprotect-rss

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is f(x) SSL Safe to Use in 2026?

Generally Safe

Score 85/100

f(x) SSL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The fx-ssl plugin version 1.1.0 presents a mixed security posture. On the positive side, there are no registered vulnerabilities (CVEs) associated with this plugin, and the static analysis shows no immediate critical or high severity issues. The absence of dangerous functions, file operations, external HTTP requests, and the use of prepared statements for SQL queries are all good security practices. However, there are significant concerns regarding output escaping and the presence of unsanitized paths in taint flows.

The static analysis indicates that only 38% of output is properly escaped. This is a notable weakness, as insufficient output escaping can lead to Cross-Site Scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into the website. Additionally, the taint analysis revealed two flows with unsanitized paths. While marked as critical and high severity 0, this still points to potential pathways where user-supplied data could be misused to access or manipulate files or system resources if not handled with proper sanitization and validation.

The plugin's vulnerability history is clean, which is a positive indicator. However, the lack of recorded vulnerabilities could also be due to limited security auditing or the plugin's specific functionality not attracting attacker interest. The significant number of unprotected entry points being zero is excellent. Despite the clean history, the identified weaknesses in output escaping and taint flows warrant attention to prevent potential security incidents.

Key Concerns

Low output escaping percentage (38%)
Unsanitized paths in taint flows (2 instances)

Vulnerabilities

None known

f(x) SSL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

f(x) SSL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

38% escaped8 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

fx_ssl_template_redirect (includes\functions.php:58)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

f(x) SSL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 17

actionplugins_loadedfx-ssl.php:42

actionadmin_noticesfx-ssl.php:91

actioninitincludes\functions.php:33

actiontemplate_redirectincludes\functions.php:45

actiontemplate_redirectincludes\functions.php:48

filterget_the_excerptincludes\functions.php:79

filterthe_contentincludes\functions.php:82

filterwidget_textincludes\functions.php:87

filterwp_nav_menuincludes\functions.php:90

filtertemplate_directory_uriincludes\functions.php:95

filterstylesheet_directory_uriincludes\functions.php:98

filterget_the_imageincludes\functions.php:103

filterpost_thumbnail_htmlincludes\functions.php:106

filterclean_urlincludes\functions.php:111

filterset_url_schemeincludes\functions.php:114

filterplugins_urlincludes\functions.php:117

actionadmin_initincludes\settings.php:41

Maintenance & Trust

f(x) SSL Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedAug 1, 2016

PHP min version

Downloads4K

Community Trust

Rating90/100

Number of ratings4

Active installs40

Alternatives

f(x) SSL Alternatives

f(x) Login Customizer

fx-login-customizer

Customize Login Page using the Customizer.

20 No CVEs

Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More

content-control

Restrict content based on login status, user roles, device type & more. Monetize your content with a paywall or members-only content.

40K 4 CVEs

Simple Membership

simple-membership

Simple membership plugin adds membership functionality to your site. Protect members only content using content protection easily.

40K 24 CVEs

My Private Site

jonradio-private-site

Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.

20K 2 CVEs

s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions

s2member

❤️ Excellent membership plugin! Easy, quick, flexible. Monetize your site with memberships and subscriptions. Protect content instantly and securely.

9K 12 CVEs

Developer Profile

f(x) SSL Developer Profile

David Chandra Purnama

12 plugins · 2K total installs

trust score

Avg Security Score

83/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect f(x) SSL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ