Guten Free Options Security & Risk Analysis

wordpress.org/plugins/guten-free-options

Gutenberg Free Options for your WordPressed Burger err I mean Editor.

200 active installs · v0.9.7 · PHP 5.2.4+ · WP 4.9.0+ · Updated Jul 2, 2025
Tags: block-editor, classic-editor, gutenberg, options
Score: 58 (C · Use Caution)
CVEs total: 2
Unpatched: 2
Last CVE: Jan 17, 2025
Safety Verdict

Is Guten Free Options Safe to Use in 2026?

Use With Caution

Score 58/100

Guten Free Options has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

2 known CVEs · 2 unpatched · Last CVE: Jan 17, 2025 · Updated 9mo ago
Risk Assessment

The 'guten-free-options' plugin version 0.9.7 exhibits a concerning security posture despite some positive indicators. While the plugin demonstrates excellent practices in output escaping, with 100% of outputs properly escaped, and makes good use of prepared statements for SQL queries (89%), it suffers from a significant vulnerability in its handling of entry points.

The static analysis reveals a total of 4 AJAX handlers and, alarmingly, all 4 lack authentication checks. This presents a substantial attack surface without any protective measures. Furthermore, the taint analysis highlights a high-severity flow with unsanitized input, indicating a potential risk of data manipulation or unauthorized actions. The presence of 5 unsanitized paths in the taint analysis, even without a critical-severity finding, warrants attention.

The plugin's vulnerability history is a major red flag. It has two known medium-severity CVEs, both of which are currently unpatched. The common vulnerability type being Cross-site Scripting, coupled with the fact that the last vulnerability was very recent (2025-01-17), strongly suggests recurring issues with input sanitization or improper neutralization of data. This pattern of unpatched vulnerabilities indicates a lack of proactive security maintenance and a potential ongoing risk to user data and site integrity.

Key Concerns

  • Unprotected AJAX handlers
  • Unpatched CVEs (2 medium)
  • High severity taint flow
  • Unsanitized paths in taint analysis
Vulnerabilities: 2

Guten Free Options Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-13492 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting

Jan 17, 2025 · Unpatched

CVE-2025-23813 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Guten Free Options <= 0.9.5 - Reflected Cross-Site Scripting

Jan 16, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Guten Free Options Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (8 prepared)
Unescaped Output: 3 (875 escaped)
Nonce Checks: 7
Capability Checks: 21
File Operations: 4
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

89% prepared · 9 total queries

Output Escaping

100% escaped · 878 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

7 flows · 5 with unsanitized paths
update_settings (loader.php:520)
Attack Surface: 4 unprotected

Guten Free Options Attack Surface

Entry Points: 4
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_gfo_readme_viewer · guten-free-options.php:2041
auth · wp_ajax_wqhelper_reminder_dismiss · wordquest.php:394
auth · wp_ajax_wqhelper_load_feed_cat · wordquest.php:406
auth · wp_ajax_wqhelper_update_sidebar_boxes · wordquest.php:419
WordPress Hooks 61
action · admin_menu · guten-free-options.php:179
action · network_admin_menu · guten-free-options.php:203
filter · plugin_action_links · guten-free-options.php:232
filter · network_admin_plugin_action_links · guten-free-options.php:250
action · edit_form_top · guten-free-options.php:431
action · admin_footer · guten-free-options.php:497
action · init · guten-free-options.php:651
filter · gutenberg_use_widgets_block_editor · guten-free-options.php:667
filter · use_widgets_block_editor · guten-free-options.php:668
action · widgets_admin_page · guten-free-options.php:677
action · init · guten-free-options.php:736
action · admin_init · guten-free-options.php:872
action · admin_init · guten-free-options.php:1201
action · admin_init · guten-free-options.php:1231
action · admin_enqueue_scripts · guten-free-options.php:2031
action · after_setup_theme · guten-free-options.php:2059
filter · gutenberg_can_edit_post_type · guten-free-options.php:2066
filter · use_block_editor_for_post_type · guten-free-options.php:2067
filter · use_block_editor_for_post · guten-free-options.php:2071
filter · gutenberg_can_edit_post · guten-free-options.php:2072
action · show_user_profile · guten-free-options.php:2086
action · edit_user_profile · guten-free-options.php:2087
action · personal_options_update · guten-free-options.php:2088
action · edit_user_profile_update · guten-free-options.php:2089
action · admin_init · guten-free-options.php:2094
action · save_post · guten-free-options.php:2095
filter · redirect_post_location · guten-free-options.php:2107
action · edit_form_top · guten-free-options.php:2110
filter · get_edit_post_link · guten-free-options.php:2113
action · admin_menu · guten-free-options.php:2128
filter · gfo_post_type_filters · guten-free-options.php:2137
filter · gfo_post_type_filters · guten-free-options.php:2140
filter · gfo_post_type_filters · guten-free-options.php:2143
filter · gfo_post_type_filters · guten-free-options.php:2146
filter · gfo_post_type_filters · guten-free-options.php:2149
filter · gfo_single_post_filters · guten-free-options.php:2154
filter · gfo_single_post_filters · guten-free-options.php:2157
filter · gfo_single_post_filters · guten-free-options.php:2160
action · wp_enqueue_scripts · guten-free-options.php:2929
action · save_post · guten-free-options.php:3210
filter · redirect_post_location · guten-free-options.php:3220
action · admin_init · loader.php:1330
action · admin_init · loader.php:1331
action · admin_menu · loader.php:1334
filter · plugin_action_links · loader.php:1337
action · admin_enqueue_scripts · loader.php:1343
action · admin_enqueue_scripts · loader.php:1345
action · plugins_loaded · loader.php:1353
action · admin_init · loader.php:1585
filter · connect_message · loader.php:1708
action · all_admin_notices · loader.php:1863
action · plugins_loaded · loader.php:3368
action · admin_init · wordquest.php:93
action · admin_footer · wordquest.php:363
action · admin_footer · wordquest.php:376
action · admin_notices · wordquest.php:605
action · admin_footer · wordquest.php:1679
action · update-custom_wordquest_plugin_install · wordquest.php:1740
action · wp_dashboard_setup · wordquest.php:3122
action · admin_footer · wordquest.php:3160
filter · wp_feed_cache_transient_lifetime · wordquest.php:3656
Maintenance & Trust

Guten Free Options Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jul 2, 2025
PHP min version: 5.2.4
Downloads: 5K

Community Trust

Rating: 100/100
Number of ratings: 3
Active installs: 200
Developer Profile

Guten Free Options Developer Profile

Tony Hayes

5 plugins · 250 total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Guten Free Options

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/guten-free-options/css/guten-free-options.css
/wp-content/plugins/guten-free-options/css/guten-free-options-lite.css
/wp-content/plugins/guten-free-options/js/guten-free-options.js
Script Paths
/wp-content/plugins/guten-free-options/js/guten-free-options.js
Version Parameters
guten-free-options/css/guten-free-options.css?ver=
guten-free-options/css/guten-free-options-lite.css?ver=
guten-free-options/js/guten-free-options.js?ver=

HTML / DOM Fingerprints

CSS Classes
guten-free-options-settings
HTML Comments
<!-- Guten Free Options Settings -->
<!-- Guten Free Options Network Settings -->
<!-- Guten Free Options Update Checker -->
<!-- Guten Free Options Freemius Loader -->
+2 more
Data Attributes
data-guten-free-options-slug
JS Globals
guten_free_options_data