Generate Security.txt Security & Risk Analysis

wordpress.org/plugins/generate-security-txt

With a security.txt file, ethical hackers can easily send you a notification when they have found a vulnerability on your website.

400 active installs v1.0.12 PHP + WP 6.3+ Updated Mar 30, 2026
responsible-disclosuresecuritysecurity-txt
78
B · Generally Safe
CVEs total1
Unpatched1
Last CVEJun 23, 2026
Safety Verdict

Is Generate Security.txt Safe to Use in 2026?

Mostly Safe

Score 78/100

Generate Security.txt is generally safe to use. 1 past CVE were resolved.

1 known CVE 1 unpatched Last CVE: Jun 23, 2026Updated 3mo ago
Risk Assessment

The "generate-security-txt" plugin version 1.0.10 presents a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and avoids bundled libraries, which can often introduce vulnerabilities. The absence of any known vulnerabilities in its history is also a significant strength, suggesting a generally well-maintained codebase. However, several concerns warrant attention, primarily stemming from its attack surface. A significant portion of its AJAX handlers lack authentication checks, creating potential entry points for unauthorized actions. While taint analysis didn't reveal critical or high severity issues, the presence of a flow with unsanitized paths indicates a potential risk of data manipulation if that path were to be exploited through an unauthenticated AJAX handler. The limited number of capability checks, coupled with the unprotected AJAX handlers, further amplifies this risk.

Key Concerns

  • Unprotected AJAX handlers
  • Flow with unsanitized paths
  • File operations without auth
  • External HTTP requests without auth
  • Low percentage of properly escaped output
Vulnerabilities
1 published

Generate Security.txt Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched
2026
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2026-9616medium · 4.3Missing Authorization

Generate Security.txt <= 1.0.12 - Missing Authorization to Authenticated (Subscriber+) Security.txt Deletion via delete_securitytxt AJAX Action

Jun 23, 2026Unpatched
Version History

Generate Security.txt Release Timeline

v1.0.12Current1 CVE
v1.0.111 CVE
v1.0.101 CVE
v1.0.91 CVE
v1.0.81 CVE
v1.0.71 CVE
v1.0.61 CVE
v1.0.51 CVE
Code Analysis
Analyzed Mar 16, 2026

Generate Security.txt Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
53
89 escaped
Nonce Checks
3
Capability Checks
0
File Operations
1
External Requests
1
Bundled Libraries
0

Output Escaping

63% escaped142 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

1 flows1 with unsanitized paths
<class-generate-security-txt-admin> (admin\class-generate-security-txt-admin.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

Generate Security.txt Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_init_actionlistadmin\class-generate-security-txt-admin.php:111
authwp_ajax_process_actionlistadmin\class-generate-security-txt-admin.php:112
authwp_ajax_post_finishadmin\class-generate-security-txt-admin.php:113
authwp_ajax_status_loaderadmin\class-generate-security-txt-admin.php:114
WordPress Hooks 14
actionplugins_loadedincludes\class-generate-security-txt.php:142
actioninitincludes\class-generate-security-txt.php:157
actionadmin_enqueue_scriptsincludes\class-generate-security-txt.php:158
actionadmin_enqueue_scriptsincludes\class-generate-security-txt.php:159
actionadmin_menuincludes\class-generate-security-txt.php:160
filterplugin_row_metaincludes\class-generate-security-txt.php:163
actionadmin_noticesincludes\class-generate-security-txt.php:166
actioncurrent_screenincludes\class-generate-security-txt.php:169
actioncheck_securitytxt_expiration_eventincludes\class-generate-security-txt.php:172
actionadmin_initincludes\class-generate-security-txt.php:173
actionsecuritytxt_archiveorg_request_eventincludes\class-generate-security-txt.php:174
actionadmin_initincludes\class-generate-security-txt.php:175
actionsecuritytxt_verify_file_contents_eventincludes\class-generate-security-txt.php:176
actionadmin_initincludes\class-generate-security-txt.php:177

Scheduled Events 3

check_securitytxt_expiration_event
securitytxt_archiveorg_request_event
securitytxt_verify_file_contents_event
Maintenance & Trust

Generate Security.txt Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 30, 2026
PHP min version
Downloads5K

Community Trust

Rating100/100
Number of ratings1
Active installs400
Developer Profile

Generate Security.txt Developer Profile

verenigingvanregistrars

1 plugin · 400 total installs

79
trust score
Avg Security Score
78/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Generate Security.txt

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/generate-security-txt/js/generate-security-txt-admin.js/wp-content/plugins/generate-security-txt/css/generate-security-txt-admin.css/wp-content/plugins/generate-security-txt/css/jquery-ui.css
Script Paths
/wp-content/plugins/generate-security-txt/js/generate-security-txt-admin.js
Version Parameters
generate-security-txt/css/generate-security-txt-admin.css?ver=generate-security-txt/css/jquery-ui.css?ver=generate-security-txt/js/generate-security-txt-admin.js?ver=

HTML / DOM Fingerprints

Data Attributes
data-page-name="security_txt_generator"
JS Globals
window.securitytxt
FAQ

Frequently Asked Questions about Generate Security.txt