Does Gato GraphQL have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Gato GraphQL compatible with WordPress 6.9.4?

According to WordPress.org data, Gato GraphQL 17.1.1 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Gato GraphQL compatible with PHP 8.1+?

Gato GraphQL requires PHP 8.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Gato GraphQL updated?

Gato GraphQL was last updated on Mar 24, 2026. Frequent updates are generally a positive security signal.

What is Gato GraphQL's security score?

Gato GraphQL has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Gato GraphQL Security & Risk Analysis

wordpress.org/plugins/gatographql

Powerful and flexible GraphQL server for WordPress. Access any piece of data (posts, users, comments, tags, etc) from your app via a GraphQL API.

70 active installs v17.1.1 PHP 8.1+ WP 6.1+ Updated Mar 24, 2026

apidecoupledgraphqlheadlesswebhook

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Gato GraphQL Safe to Use in 2026?

Generally Safe

Score 100/100

Gato GraphQL has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "gatographql" v17.0.0 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events with unprotected entry points is a significant positive. Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and a high percentage (85%) of properly escaped output, indicating a deliberate effort to prevent common injection and XSS vulnerabilities. The plugin also incorporates nonce and capability checks, further hardening its security.

Key Concerns

High percentage of output not properly escaped
File operations present
External HTTP requests present
Bundled libraries (Guzzle)

Vulnerabilities

None known

Gato GraphQL Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Gato GraphQL Release Timeline

v17.1.1Current

v17.1.0

v17.0.0

v16.1.0

v16.0.1

v16.0.0

v15.2.0

v15.1.0

v15.0.0

v14.0.3

v14.0.1

v13.2.0

v13.1.1

v13.1.0

v13.0.2

v13.0.0

v12.12.0.22

v12.12.0.21

v12.12.0.20

v12.12.0.19

Code Analysis

Analyzed Mar 16, 2026

Gato GraphQL Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

193 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

Output Escaping

85% escaped227 total outputs

Attack Surface

Gato GraphQL Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 48

actionadmin_noticesincludes\startup.php:31

filterinstall_plugins_tabssrc\Admin\Tables\AbstractExtensionListTable.php:59

filterinstall_plugins_nonmenu_tabssrc\Admin\Tables\AbstractExtensionListTable.php:60

filterplugins_apisrc\Admin\Tables\AbstractExtensionListTable.php:61

filterplugins_api_resultsrc\Admin\Tables\AbstractExtensionListTable.php:62

filterplugin_install_action_linkssrc\Admin\Tables\AbstractExtensionListTable.php:63

filterapplication_password_is_api_requestsrc\ContainerLess\BeforeAppIsLoadedStaticHelpers.php:121

filterapplication_password_is_api_requestsrc\Hooks\ApplicationPasswordAuthorizationHookSet.php:58

actionapplication_password_failed_authenticationsrc\Hooks\ApplicationPasswordAuthorizationHookSet.php:64

actionadmin_noticessrc\Marketplace\LicenseValidationService.php:392

filterplugins_apisrc\MarketplaceProviders\AbstractMarketplaceProviderCommercialPluginUpdaterService.php:93

filtersite_transient_update_pluginssrc\MarketplaceProviders\AbstractMarketplaceProviderCommercialPluginUpdaterService.php:94

actionupgrader_process_completesrc\MarketplaceProviders\AbstractMarketplaceProviderCommercialPluginUpdaterService.php:95

actionadmin_noticessrc\Plugin.php:88

actionadmin_enqueue_scriptssrc\Plugin.php:113

actionadmin_noticessrc\Plugin.php:125

actionenqueue_block_editor_assetssrc\Plugin.php:258

actionafter_setup_themesrc\PluginApp.php:30

actionactivate_pluginsrc\PluginSkeleton\AbstractMainPlugin.php:455

actiondeactivate_pluginsrc\PluginSkeleton\AbstractMainPlugin.php:461

actiondeactivate_pluginsrc\PluginSkeleton\AbstractMainPlugin.php:467

actionswitch_themesrc\PluginSkeleton\AbstractMainPlugin.php:472

actionupgrader_process_completesrc\PluginSkeleton\AbstractMainPlugin.php:497

actionadmin_enqueue_scriptssrc\PluginSkeleton\AbstractMainPlugin.php:502

actioninitsrc\PluginSkeleton\AbstractMainPlugin.php:733

actionadmin_noticessrc\PluginSkeleton\AbstractMainPlugin.php:1185

actioninitsrc\PluginSkeleton\AbstractPlugin.php:453

actioninitsrc\PluginSkeleton\AbstractPlugin.php:503

actionwp_print_scriptssrc\Services\Blocks\AbstractBlock.php:470

filteruse_block_editor_for_post_typesrc\Services\CustomPostTypes\AbstractCustomPostType.php:121

actioninitsrc\Services\CustomPostTypes\AbstractCustomPostType.php:130

actioninitsrc\Services\CustomPostTypes\AbstractCustomPostType.php:135

filterallowed_block_types_allsrc\Services\CustomPostTypes\AbstractCustomPostType.php:150

filterallowed_block_typessrc\Services\CustomPostTypes\AbstractCustomPostType.php:157

actionadmin_print_scriptssrc\Services\CustomPostTypes\AbstractCustomPostType.php:167

filterthe_contentsrc\Services\CustomPostTypes\AbstractCustomPostType.php:178

actionrestrict_manage_postssrc\Services\CustomPostTypes\AbstractCustomPostType.php:195

filterpost_row_actionssrc\Services\CustomPostTypes\AbstractCustomPostType.php:206

filterpage_row_actionssrc\Services\CustomPostTypes\AbstractCustomPostType.php:212

filteruser_can_richeditsrc\Services\CustomPostTypes\AbstractCustomPostType.php:251

actionadmin_headsrc\Services\CustomPostTypes\AbstractCustomPostType.php:259

filtermedia_buttons_contextsrc\Services\CustomPostTypes\AbstractCustomPostType.php:263

filterquicktags_settingssrc\Services\CustomPostTypes\AbstractCustomPostType.php:271

actionadmin_headsrc\Services\CustomPostTypes\AbstractCustomPostType.php:281

actionadmin_initsrc\Services\MenuPages\AbstractSettingsMenuPage.php:127

actionadmin_initsrc\Services\MenuPages\LogsMenuPage.php:109

actionadmin_noticessrc\Services\MenuPages\LogsMenuPage.php:645

actionwp_print_scriptssrc\Services\Scripts\AbstractScript.php:255

Maintenance & Trust

Gato GraphQL Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 24, 2026

PHP min version8.1

Downloads9K

Community Trust

Rating100/100

Number of ratings36

Active installs70

Alternatives

Gato GraphQL Alternatives

WPGraphQL

wp-graphql

WPGraphQL adds a flexible and powerful GraphQL API to WordPress, enabling efficient querying and interaction with your site's data.

30K 9 CVEs

WPGraphQL Blocks

wpgraphql-blocks

Get gutenberg blocks as JSON through wp-graphql

400 No CVEs

WPGraphQL for ACF

wpgraphql-acf

100

WPGraphQL for ACF seamlessly integrates Advanced Custom Fields with WPGraphQL.

10K No CVEs

BabyLoveGrowth Integration

babylovegrowth-integration

100

Secure REST endpoint to publish posts from BabyLoveGrowth.ai backend via API key.

1K No CVEs

CoCart – Headless REST API for WooCommerce

cart-rest-api-for-woocommerce

100

A developer-first REST API to decouple WooCommerce on the frontend to help build modern and scalable storefronts. Fast, secure, customizable, easy.

1K 1 CVE

Developer Profile

Gato GraphQL Developer Profile

leoloso

2 plugins · 80 total installs

trust score

Avg Security Score

93/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Gato GraphQL

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/gatographql/assets/css/wp-list-table-fix.css

Version Parameters

gatographql/assets/css/wp-list-table-fix.css?ver=

HTML / DOM Fingerprints

CSS Classes

gatographql-list-table

FAQ