Does Idea Factory have any unpatched vulnerabilities?

No. All known vulnerabilities in Idea Factory have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Idea Factory compatible with WordPress 4.3.34?

According to WordPress.org data, Idea Factory 1.2 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is Idea Factory updated?

Idea Factory was last updated on Aug 19, 2015. Frequent updates are generally a positive security signal.

What is Idea Factory's security score?

Idea Factory has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Idea Factory Security & Risk Analysis

wordpress.org/plugins/idea-factory

Front end submission and voting system.

200 active installs v1.2 PHP + WP 3.8+ Updated Aug 19, 2015

feedbackideauser-submissionvotevoting

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Idea Factory Safe to Use in 2026?

Generally Safe

Score 85/100

Idea Factory has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The 'idea-factory' v1.2 plugin exhibits a generally good security posture with a well-defined attack surface that appears to be protected by authentication checks. The absence of known CVEs and a clean vulnerability history are positive indicators. However, the static analysis reveals specific areas for concern. The presence of the `create_function` function is a significant red flag, as it can be a vector for code injection vulnerabilities if not handled with extreme care. Additionally, the taint analysis highlighting two flows with unsanitized paths, despite no critical or high severity reported, suggests potential risks that require further investigation. While the majority of SQL queries utilize prepared statements, the remaining ones could still be susceptible to injection if not properly parameterized. The moderate rate of properly escaped output also indicates a potential for cross-site scripting (XSS) vulnerabilities.

Key Concerns

Use of dangerous function create_function
Taint flow with unsanitized path (High Severity)
Taint flow with unsanitized path (High Severity)
Output escaping is not properly handled
SQL queries not using prepared statements
SQL queries not using prepared statements
SQL queries not using prepared statements
SQL queries not using prepared statements
SQL queries not using prepared statements
SQL queries not using prepared statements

Vulnerabilities

None known

Idea Factory Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Idea Factory Code Analysis

Dangerous Functions

Raw SQL Queries

5 prepared

Unescaped Output

21 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_function$callback = create_function('', 'echo "'.str_replace('"', '\"', $section['desc']).'";');admin\includes\class.settings-api.php:97

SQL Query Safety

63% prepared8 total queries

Output Escaping

42% escaped50 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

3 flows2 with unsanitized paths

idea_factory_has_public_voted (public\includes\helpers.php:255)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Idea Factory Attack Surface

Entry Points9

Unprotected0

AJAX Handlers 8

authwp_ajax_idea_factory_resetadmin\includes\class.settings.php:28

authwp_ajax_idea_factory_db_resetadmin\includes\class.settings.php:29

authwp_ajax_process_entryincludes\class.process-entry.php:12

noprivwp_ajax_process_entryincludes\class.process-entry.php:13

authwp_ajax_process_vote_upincludes\class.process-vote.php:11

authwp_ajax_process_vote_downincludes\class.process-vote.php:12

noprivwp_ajax_process_vote_upincludes\class.process-vote.php:14

noprivwp_ajax_process_vote_downincludes\class.process-vote.php:15

Shortcodes 1

[idea_factory] public\includes\class.shortcodes.php:12

WordPress Hooks 21

filtermanage_ideas_posts_columnsadmin\includes\class.column-mods.php:17

actionmanage_ideas_posts_custom_columnadmin\includes\class.column-mods.php:18

actionadd_meta_boxesadmin\includes\class.meta.php:14

actionsave_postadmin\includes\class.meta.php:15

actionadmin_enqueue_scriptsadmin\includes\class.settings-api.php:32

actionadmin_initadmin\includes\class.settings.php:25

actionadmin_menuadmin\includes\class.settings.php:26

actionadmin_headadmin\includes\class.settings.php:27

actionplugins_loadedidea-factory.php:40

actionplugins_loadedidea-factory.php:45

actionidea_factory_entry_submittedincludes\class.process-entry.php:14

actionidea_factory_vote_upincludes\class.process-status.php:13

actionidea_factory_vote_downincludes\class.process-status.php:14

actionidea_factory_statusincludes\class.process-status.php:15

actioninitincludes\class.type.php:13

actionwpmu_new_blogpublic\class-idea-factory.php:54

actioninitpublic\class-idea-factory.php:70

actionplugins_loadedpublic\class-idea-factory.php:71

actionwp_enqueue_scriptspublic\includes\class.assets.php:11

filtertemplate_includepublic\includes\class.template-loader.php:12

actionpre_get_postspublic\includes\helpers.php:126

Maintenance & Trust

Idea Factory Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedAug 19, 2015

PHP min version

Downloads12K

Community Trust

Rating88/100

Number of ratings12

Active installs200

Alternatives

Idea Factory Alternatives

Blim Post Suggestion and Vote

blim-post-suggestion-and-vote

A simple plugin that suggests post and offer vote feature

0 No CVEs

Simple Voting System Formally Fc Feedback

simple-voting-system-formally-fc-feedback

100

The Simple Voting System plugin implements a straightforward feedback system for WordPress websites.

0 No CVEs

kk Star Ratings – Rate Post & Collect User Feedbacks

kk-star-ratings

kk Star Ratings allows blog visitors to involve and interact more effectively with your website by rating posts.

80K 4 CVEs

Like Button Rating ♥ LikeBtn

likebtn-like-button

Add Like button to posts, pages, comments, WooCommerce, BuddyPress, bbPress, UM, custom posts! Sort content by likes! Get instant stats and insights!

4K 5 CVEs

bbPress Voting

bbp-voting

Let visitors vote up and down on bbPress topics and replies just like Reddit or Stack Overflow!

500 1 CVE

Developer Profile

Idea Factory Developer Profile

Nick Haskins

4 plugins · 280 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Idea Factory

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ