Does Generate Box have any unpatched vulnerabilities?

No. All known vulnerabilities in Generate Box have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Generate Box compatible with WordPress 3.5.2?

According to WordPress.org data, Generate Box 0.3 has been tested up to WordPress 3.5.2. Check the plugin's changelog for the latest compatibility information.

How often is Generate Box updated?

Generate Box was last updated on May 26, 2013. Frequent updates are generally a positive security signal.

What is Generate Box's security score?

Generate Box has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Generate Box Security & Risk Analysis

wordpress.org/plugins/generate-box

More functionality for the StudioPress Generate Child Theme.

10 active installs v0.3 PHP + WP + Updated May 26, 2013

formsgenerategenerate-boxgenesisoptin-form

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Generate Box Safe to Use in 2026?

Generally Safe

Score 85/100

Generate Box has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The "generate-box" plugin v0.3 demonstrates a generally strong security posture based on the provided static analysis. The absence of known vulnerabilities, combined with a complete lack of identified taint flows and dangerous functions, is highly positive. Furthermore, the use of prepared statements for all SQL queries and the absence of file operations or external HTTP requests are excellent security practices. However, a significant concern arises from the low percentage of properly escaped output. With over 20 output instances and only 57% properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities, especially if the plugin handles user-provided data in its output. The lack of capability checks and nonce checks on any identified entry points (though none were found) also presents a latent risk if the plugin's functionality evolves to include more sensitive operations or user interactions.

Key Concerns

Low percentage of properly escaped output
Missing capability checks on potential entry points
Missing nonce checks on potential entry points

Vulnerabilities

None known

Generate Box Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Generate Box Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

12 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

57% escaped21 total outputs

Attack Surface

Generate Box Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadmin_initgenerate-box.php:19

actiongenesis_initgenerate-box.php:20

actiongenesis_settings_sanitizer_initinclude\admin.php:53

actionadmin_initinclude\admin.php:84

actionadmin_noticesinclude\admin.php:111

actionadmin_menuinclude\admin.php:137

filterscreen_layout_columnsinclude\admin.php:307

actiongenesis_after_headerinclude\box.php:7

Maintenance & Trust

Generate Box Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2

Last updatedMay 26, 2013

PHP min version

Downloads8K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Generate Box Alternatives

Auto Coupon Generate for Gravity Forms

gf-auto-coupon-generate

Sometimes users need a little extra push to fill out the form and hit that submit button. This snippet provides a way to dynamically create coupon cod …

10 No CVEs