Gitium Security & Risk Analysis

wordpress.org/plugins/gitium

Automatic git version control and deployment for your plugins and themes integrated into wp-admin.

400 active installs · v1.2.2 · PHP 7.4+ · WP 4.7+ · Updated Dec 10, 2025
Tags: git, gitium, presslabs, revision, version-control
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Gitium Safe to Use in 2026?

Generally Safe

Score 100/100

Gitium has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 3mo ago
Risk Assessment

The 'gitium' plugin version 1.2.2 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by exclusively using prepared statements for all SQL queries and avoids external HTTP requests. It also includes a decent number of nonce and capability checks, suggesting an awareness of common WordPress security mechanisms. The absence of any recorded vulnerabilities or CVEs further contributes to a perceived low risk profile in its history.

However, the static analysis reveals significant concerns, primarily stemming from a substantial attack surface with unprotected entry points. All three identified AJAX handlers lack authentication checks, making them prime targets for unauthorized actions. Furthermore, the presence of dangerous functions like 'proc_open' introduces a potential for remote code execution if not handled with extreme care and proper input validation. The relatively low percentage of properly escaped outputs also raises flags regarding potential cross-site scripting (XSS) vulnerabilities.

While the vulnerability history is clean, this should not lead to complacency, especially given the identified weaknesses in the code analysis. The combination of unprotected AJAX endpoints and the use of 'proc_open' creates a critical risk that needs immediate attention. The plugin's strengths in SQL handling and external request avoidance are overshadowed by these critical flaws in its attack surface and the use of dangerous functions.

Key Concerns

  • AJAX handlers without auth checks
  • Presence of dangerous function 'proc_open'
  • Low percentage of properly escaped outputs
Vulnerabilities
None known

Gitium Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gitium Code Analysis

Dangerous Functions: 3
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 35 (40 escaped)
Nonce Checks: 10
Capability Checks: 5
File Operations: 10
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function   Code                      Location
proc_open  $process = proc_open(     gitium.php:67
proc_open  $proc = proc_open(        inc\class-git-wrapper.php:176
proc_open  $process = proc_open(     inc\class-git-wrapper.php:656

Output Escaping

53% escaped · 75 total outputs
Attack Surface
3 unprotected

Gitium Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers (3)

Type  Hook                                 Location
auth  wp_ajax_wp-plugin-delete-success     gitium.php:277
auth  wp_ajax_wp-theme-delete-success      gitium.php:278
auth  wp_ajax_edit-theme-plugin-file       gitium.php:360

WordPress Hooks (27)

Type    Hook                       Location
action  admin_init                 functions.php:426
action  admin_enqueue_scripts      functions.php:428
action  plugins_loaded             gitium.php:63
action  load-plugins.php           gitium.php:162
filter  upgrader_post_install      gitium.php:241
action  upgrader_process_complete  gitium.php:255
action  activated_plugin           gitium.php:260
action  deactivated_plugin         gitium.php:265
action  load-plugins.php           gitium.php:275
action  admin_head                 gitium.php:291
action  admin_head                 gitium.php:304
action  load-themes.php            gitium.php:311
filter  wp_die_ajax_handler        gitium.php:351
action  admin_enqueue_scripts      gitium.php:362
action  admin_notices              gitium.php:380
action  init                       inc\class-gitium-admin.php:54
action  admin_init                 inc\class-gitium-submenu-configure.php:31
action  admin_init                 inc\class-gitium-submenu-configure.php:32
action  admin_init                 inc\class-gitium-submenu-configure.php:33
action  admin_init                 inc\class-gitium-submenu-configure.php:34
action  admin_init                 inc\class-gitium-submenu-configure.php:35
action  admin_init                 inc\class-gitium-submenu-settings.php:29
action  admin_init                 inc\class-gitium-submenu-settings.php:30
action  admin_init                 inc\class-gitium-submenu-settings.php:31
action  admin_init                 inc\class-gitium-submenu-status.php:31
action  admin_init                 inc\class-gitium-submenu-status.php:32
action  admin_init                 inc\class-gitium-submenu-status.php:33
Maintenance & Trust

Gitium Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 10, 2025
PHP min version: 7.4
Downloads: 22K

Community Trust

Rating: 82/100
Number of ratings: 10
Active installs: 400
Developer Profile

Gitium Developer Profile

Presslabs

5 plugins · 1K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 25 days
Detection Fingerprints

How We Detect Gitium

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gitium/assets/css/gitium-admin.css
  • /wp-content/plugins/gitium/assets/js/gitium-admin.js
  • /wp-content/plugins/gitium/assets/css/gitium-git-graph.css
  • /wp-content/plugins/gitium/assets/js/gitium-git-graph.js
Script Paths
  • /wp-content/plugins/gitium/assets/js/gitium-admin.js
  • /wp-content/plugins/gitium/assets/js/gitium-git-graph.js
Version Parameters
  • gitium/assets/css/gitium-admin.css?ver=
  • gitium/assets/js/gitium-admin.js?ver=
  • gitium/assets/css/gitium-git-graph.css?ver=
  • gitium/assets/js/gitium-git-graph.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gitium-status-bar
  • gitium-commits-list-container
  • gitium-commit-details
  • gitium-config-form
  • gitium-menu-section
HTML Comments
  • <!-- Gitium Admin Page -->
  • <!-- Gitium Git Graph -->
  • <!-- Gitium Status -->
  • <!-- Gitium Commits -->
  • +1 more
Data Attributes
  • data-gitium-action
  • data-gitium-repo
  • data-gitium-branch
JS Globals
  • gitiumAdmin
  • gitiumGitGraph
REST Endpoints
  • /wp-json/gitium/v1/status
  • /wp-json/gitium/v1/commits
  • /wp-json/gitium/v1/settings
Shortcode Output
  • [gitium_status]
  • [gitium_commits]