Genealogical Tree – WordPress Family Tree Security & Risk Analysis

wordpress.org/plugins/genealogical-tree

Genealogical Tree is an ultimate solution for creating and displaying family trees and family history and for building ancestor profiles on WordPress.

600 active installs · v2.2.6 · PHP 7.4+ · WP 4.4+ · Updated Dec 14, 2025
Tags: ancestry · family-history · family-tree · ged · genealogy
78
B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Sep 22, 2025
Safety Verdict

Is Genealogical Tree – WordPress Family Tree Safe to Use in 2026?

Mostly Safe

Score 78/100

Genealogical Tree – WordPress Family Tree is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Sep 22, 2025 · Updated 3mo ago
Risk Assessment

The genealogical-tree plugin v2.2.6 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and a high percentage (96%) of properly escaped output, indicating a good understanding of preventing common web vulnerabilities. The presence of numerous capability checks and nonces further suggests an effort to secure the application.

However, significant concerns arise from the large attack surface exposed by unprotected AJAX handlers. With 9 out of 9 AJAX handlers lacking authentication checks, there is a substantial risk of unauthorized actions or data manipulation. The plugin also has a known, unpatched medium-severity Cross-Site Scripting vulnerability (CVE), which is a serious concern that needs immediate attention.

The vulnerability history, specifically the single unpatched medium CVE, coupled with the unprotected AJAX handlers, suggests that while some security measures are in place, there are critical oversights that could be exploited. The plugin has demonstrated a past weakness in input sanitization for XSS, and the lack of authentication on AJAX endpoints creates new avenues for similar attacks.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVE (medium severity)
  • Bundled Freemius v1.0 library
Vulnerabilities
1

Genealogical Tree – WordPress Family Tree Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-58023 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Genealogical Tree <= 2.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 22, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Genealogical Tree – WordPress Family Tree Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 32 (742 escaped)
Nonce Checks: 10
Capability Checks: 32
File Operations: 0
External Requests: 0
Bundled Libraries: 2

Bundled Libraries

Select2 · Freemius 1.0

Output Escaping

96% escaped · 774 total outputs
Data Flows: All sanitized

Data Flow Analysis

4 flows
<genealogical-tree-handel-collaboration> (admin\genealogical-tree-handel-collaboration.php:0)
Attack Surface
9 unprotected

Genealogical Tree – WordPress Family Tree Attack Surface

Entry Points: 16
Unprotected: 9

AJAX Handlers 9

auth wp_ajax_search_members includes\class-genealogical-tree.php:151
nopriv wp_ajax_search_members includes\class-genealogical-tree.php:152
auth wp_ajax_get_posts_by_term_or_no_term includes\class-genealogical-tree.php:154
nopriv wp_ajax_get_posts_by_term_or_no_term includes\class-genealogical-tree.php:155
auth wp_ajax_delete_posts_by_ids includes\class-genealogical-tree.php:157
auth wp_ajax_fix_ver_upgrade_ajax includes\class-genealogical-tree.php:209
nopriv wp_ajax_fix_ver_upgrade_ajax includes\class-genealogical-tree.php:210
auth wp_ajax_generate_default_tree includes\class-genealogical-tree.php:219
nopriv wp_ajax_generate_default_tree includes\class-genealogical-tree.php:220

Shortcodes 7

[tree] includes\class-genealogical-tree.php:265
[gt-tree] includes\class-genealogical-tree.php:266
[gt-tree-list] includes\class-genealogical-tree.php:267
[gt-member] includes\class-genealogical-tree.php:269
[gt-members] includes\class-genealogical-tree.php:270
[gt-user-registration] includes\class-genealogical-tree.php:272
[gt-user-login] includes\class-genealogical-tree.php:273
WordPress Hooks 49
action plugins_loaded genealogical-tree.php:126
action plugins_loaded includes\class-genealogical-tree.php:134
action admin_enqueue_scripts includes\class-genealogical-tree.php:146
action admin_enqueue_scripts includes\class-genealogical-tree.php:147
action init includes\class-genealogical-tree.php:148
action admin_menu includes\class-genealogical-tree.php:149
action add_meta_boxes includes\class-genealogical-tree.php:161
action add_meta_boxes includes\class-genealogical-tree.php:162
action add_meta_boxes includes\class-genealogical-tree.php:163
action post_updated includes\class-genealogical-tree.php:166
action post_updated includes\class-genealogical-tree.php:167
filter manage-gt-member_posts_columns includes\class-genealogical-tree.php:170
action manage_gt-member_posts_custom_column includes\class-genealogical-tree.php:171
filter manage_edit-gt-member_sortable_columns includes\class-genealogical-tree.php:172
filter manage_gt-tree_posts_columns includes\class-genealogical-tree.php:175
action manage_gt-tree_posts_custom_column includes\class-genealogical-tree.php:176
action init includes\class-genealogical-tree.php:179
filter query_vars includes\class-genealogical-tree.php:180
action user_register includes\class-genealogical-tree.php:183
action before_delete_post includes\class-genealogical-tree.php:186
filter post_class includes\class-genealogical-tree.php:187
filter user_has_cap includes\class-genealogical-tree.php:190
action bp_setup_nav includes\class-genealogical-tree.php:191
action bp_template_title includes\class-genealogical-tree.php:192
action bp_template_content includes\class-genealogical-tree.php:193
action admin_post_process_export_post includes\class-genealogical-tree.php:196
action admin_post_process_import_post includes\class-genealogical-tree.php:197
filter manage_gt-tree_posts_columns includes\class-genealogical-tree.php:200
action manage_posts_custom_column includes\class-genealogical-tree.php:201
action quick_edit_custom_box includes\class-genealogical-tree.php:204
action save_post includes\class-genealogical-tree.php:205
action admin_notices includes\class-genealogical-tree.php:213
filter parent_file includes\class-genealogical-tree.php:218
action admin_notices includes\class-genealogical-tree.php:221
action create_gt-family-group includes\class-genealogical-tree.php:222
action edited_gt-family-group includes\class-genealogical-tree.php:223
action admin_init includes\class-genealogical-tree.php:224
filter get_terms_args includes\class-genealogical-tree.php:227
action rest_api_init includes\class-genealogical-tree.php:239
action rest_api_init includes\class-genealogical-tree.php:240
action rest_api_init includes\class-genealogical-tree.php:241
action rest_api_init includes\class-genealogical-tree.php:242
action init includes\class-genealogical-tree.php:255
action wp_enqueue_scripts includes\class-genealogical-tree.php:256
action wp_enqueue_scripts includes\class-genealogical-tree.php:257
filter the_content includes\class-genealogical-tree.php:259
filter get_the_excerpt includes\class-genealogical-tree.php:260
action pre_get_posts includes\class-genealogical-tree.php:261
action login_form_middle includes\class-genealogical-tree.php:263
Maintenance & Trust

Genealogical Tree – WordPress Family Tree Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Dec 14, 2025
PHP min version: 7.4
Downloads: 29K

Community Trust

Rating: 82/100
Number of ratings: 16
Active installs: 600
Developer Profile

Genealogical Tree – WordPress Family Tree Developer Profile

akdevs

2 plugins · 620 total installs

Trust score: 86
Avg Security Score: 89/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Genealogical Tree – WordPress Family Tree

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/genealogical-tree/freemius/start.php
/wp-content/plugins/genealogical-tree/admin/css/select2.min.css
/wp-content/plugins/genealogical-tree/admin/css/genealogical-tree-admin.css
/wp-content/plugins/genealogical-tree/admin/js/select2.full.min.js
/wp-content/plugins/genealogical-tree/admin/js/genealogical-tree-admin.js
Script Paths
/wp-content/plugins/genealogical-tree/admin/js/genealogical-tree-admin.js
Version Parameters
genealogical-tree/admin/css/select2.min.css?ver=
genealogical-tree/admin/css/genealogical-tree-admin.css?ver=
genealogical-tree/admin/js/select2.full.min.js?ver=
genealogical-tree/admin/js/genealogical-tree-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
genealogical-tree-admin
Data Attributes
data-genealogical-tree-settings
JS Globals
genealogical_tree_settings
REST Endpoints
/wp-json/genealogical-tree