
Glossary Security & Risk Analysis
wordpress.org/plugins/glossary-by-codeat
Boost your SEO & UX with Codeat's Glossary: powerful auto-link engine; customizable tooltips, mobile settings, ChatGPT and much more!
Is Glossary Safe to Use in 2026?
Generally Safe
Score 99/100
Glossary has a strong security track record. Known vulnerabilities have been patched promptly.
The 'glossary-by-codeat' plugin v2.3.11 presents a mixed security picture. On the positive side, the static analysis reveals a very small attack surface with no detected AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or permission checks. This suggests a deliberate effort to limit potential entry points. The plugin also shows some good coding practices, such as the use of capability checks and a decent percentage of SQL queries employing prepared statements. However, significant concerns arise from the output escaping, where only 21% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin has a history of two medium-severity CVEs, one of which was discovered very recently (July 2024), related to information exposure and XSS. The absence of nonce checks across all entry points is also a notable weakness, especially given the presence of file operations and a bundled library that could potentially be exploited.
Key Concerns
- Low percentage of properly escaped output
- Presence of 2 medium severity CVEs, one recent
- No nonce checks
- Bundled library (Freemius v1.0) may be outdated
- A file operation is present
Glossary Security Vulnerabilities
2 total CVEs
Glossary <= 2.2.26 - Unauthenticated Full Path Disclosure
Glossary <= 2.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting
Glossary Code Analysis
Bundled Libraries
SQL Query Safety
Output Escaping
Data Flow Analysis
Glossary Attack Surface
WordPress Hooks 4
Glossary Maintenance & Trust
Maintenance Signals
Community Trust
Glossary Alternatives
CM Tooltip Glossary
enhanced-tooltipglossary
Transform jargon into engaging content that boosts SEO, drives engagement, improves conversions, with automatic links and tooltips.
Glossary Tooltip – Build a Smart Knowledge Base with Tooltips
glossary-tooltip
Create a powerful glossary knowledge base to boost SEO, increase engagement, improve conversions with automatic links and tooltips.
Encyclopedia / Glossary / Wiki
encyclopedia-lexicon-glossary-wiki-dictionary
Supercharged tool to build your own awesome Encyclopedia / Lexicon / Glossary / Wiki / Dictionary / Knowledge base / Directory / Vocabulary in no time
iThoughts Tooltip Glossary
ithoughts-tooltip-glossary
Create beautiful tooltips for descriptions or glossary terms, easily
Glossary Pages
glossary-pages
A customizable, multilingual-ready glossary plugin with A-Z navigation, category filters, and search. Lightweight, flexible, and SEO-friendly.
Glossary Developer Profile
4 plugins · 2K total installs
How We Detect Glossary
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/glossary-by-codeat/assets/css/glossary-admin.css
- /wp-content/plugins/glossary-by-codeat/assets/css/admin.css
- /wp-content/plugins/glossary-by-codeat/assets/js/admin.js
- /wp-content/plugins/glossary-by-codeat/assets/js/pt.js
- glossary-by-codeat/assets/css/glossary-admin.css?ver=
- glossary-by-codeat/assets/css/admin.css?ver=
- glossary-by-codeat/assets/js/admin.js?ver=
- glossary-by-codeat/assets/js/pt.js?ver=
HTML / DOM Fingerprints
- glossary-admin-single-style
- glossary-admin-styles
- data-glossary-term
- glossaryAdmindata
- [glossary_terms]
- [glossary_dictionary]
- [glossary_alphabetical]
- [glossary_search]