Does Index Press have any unpatched vulnerabilities?

No. All known vulnerabilities in Index Press have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Index Press compatible with WordPress 3.0.5?

According to WordPress.org data, Index Press 1.0 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Index Press updated?

Index Press was last updated on Feb 11, 2011. Frequent updates are generally a positive security signal.

What is Index Press's security score?

Index Press has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Index Press Security & Risk Analysis

wordpress.org/plugins/index-press

Provides a standard index of content in your site using a short code. Sorts results into alphabetical listings.

10 active installs v1.0 PHP + WP 2.8+ Updated Feb 11, 2011

contentsindexpages

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Index Press Safe to Use in 2026?

Generally Safe

Score 85/100

Index Press has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The plugin "index-press" v1.0 demonstrates a mixed security posture. On the positive side, it has a very limited attack surface with only one shortcode and no identified AJAX handlers, REST API routes, or cron events that are exposed. Furthermore, the plugin's SQL queries are entirely handled with prepared statements, and there are no known historical vulnerabilities (CVEs) associated with it. This suggests a cautious approach to common attack vectors like SQL injection and a clean track record.

However, significant concerns arise from the static analysis of the code. A substantial portion (50%) of its output is not properly escaped, which presents a clear risk of Cross-Site Scripting (XSS) vulnerabilities. Additionally, all three analyzed taint flows have unsanitized paths, indicating potential for malicious data to be processed without adequate validation or sanitization. The absence of nonce and capability checks on its entry points, coupled with the presence of file operations, further exacerbates these risks. These weaknesses, despite the lack of known CVEs, make the plugin vulnerable to common web attacks.

In conclusion, while "index-press" v1.0 benefits from a small attack surface and good SQL practices, the unescaped output and unsanitized taint flows represent critical security weaknesses. The lack of historical vulnerabilities is positive but does not mitigate the immediate risks identified in the code. The plugin requires immediate attention to address the output escaping and taint flow issues to be considered secure.

Key Concerns

Unescaped output detected
Taint flows with unsanitized paths
No capability checks on entry points
No nonce checks on entry points
File operations present

Vulnerabilities

None known

Index Press Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Index Press Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped50 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

update_option (index-press.php:206)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Index Press Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[index-press] index-press.php:70

WordPress Hooks 8

actionwp_loadedindex-press.php:58

actionwp_print_stylesindex-press.php:59

actionadmin_initindex-press.php:60

actionquery_varsindex-press.php:61

actionadmin_menuindex-press.php:62

actionsave_postindex-press.php:63

filterplugin_action_linksindex-press.php:67

filterthe_contentindex-press.php:74

Maintenance & Trust

Index Press Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedFeb 11, 2011

PHP min version

Downloads9K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Index Press Alternatives

Thesis Footer Tool

thesis-footer-tool

Provides a simple way to manage items in and around the footer of a Thesis Theme.

30 No CVEs

Fast Post Lists

fast-post-lists

Provide shortcodes to display a filtered list of posts, grouped by category/tag, with optional thumbnails.

10 No CVEs

Post Theming

post-theming

Allows you to change how posts will appear in lists on your web site.

10 No CVEs

Table of Contents Plus

table-of-contents-plus

A powerful yet user friendly plugin that automatically creates a table of contents. Can also output a sitemap listing all pages and categories.

200K 5 CVEs

Rich Table of Contents

rich-table-of-content

RTOC is a table of contents generation plugin from Japan that allows anyone to easily create a table of contents. Equipped with the functions of the c …

20K 2 CVEs

Developer Profile

Index Press Developer Profile

GrandSlambert

7 plugins · 170 total installs

trust score

Avg Security Score

87/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Index Press

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/index-press/templates/index-press.css/wp-content/plugins/index-press/js/index-press-admin.js

Script Paths

/wp-content/plugins/index-press/js/index-press-admin.js

Version Parameters

index-press/style.css?ver=index-press/index-press.css?ver=index-press/js/index-press-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

index-press-itemindex-press-menu

Data Attributes

data-parent-id

JS Globals

indexPressAdmin

Shortcode Output

[index-press]index-press

FAQ