Does Pluginer (formerly Instalist) – WP bulk plugin install & migrate have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Pluginer (formerly Instalist) – WP bulk plugin install & migrate compatible with WordPress 6.9.4?

According to WordPress.org data, Pluginer (formerly Instalist) – WP bulk plugin install & migrate 1.3.5 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Security & Risk Analysis

wordpress.org/plugins/instalist

Create lists of your favourites plugins, export and import them in any new website to install all plugins in the list with just one single click.

10 active installs v1.3.5 PHP + WP 4.0.1+ Updated Apr 2, 2026

bulk-installinstall-pluginsmigrationplugin-managementplugin-migration

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pluginer (formerly Instalist) – WP bulk plugin install & migrate Safe to Use in 2026?

Generally Safe

Score 100/100

Pluginer (formerly Instalist) – WP bulk plugin install & migrate has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The "instalist" plugin version 1.3.2 exhibits a significant security concern due to its large attack surface consisting of 13 AJAX handlers, all of which lack authentication checks. While the code generally follows good practices with a high percentage of properly escaped output and the exclusive use of prepared statements for SQL queries, the absence of authorization for nearly all entry points is a major vulnerability. The plugin also shows no history of known CVEs, which is a positive indicator, but this does not mitigate the immediate risks posed by the unprotected AJAX endpoints.

The taint analysis reveals one flow with unsanitized paths, which, although not classified as critical or high severity, warrants attention. This indicates a potential for privilege escalation or other code execution if an attacker can manipulate the input to this specific flow. The presence of 11 nonce checks and 3 capability checks is positive, but these are overshadowed by the fact that the majority of entry points bypass these crucial security mechanisms.

In conclusion, while "instalist" v1.3.2 demonstrates strengths in SQL handling and output escaping, the widespread lack of authentication on its AJAX handlers presents a substantial risk. This makes it highly susceptible to unauthorized actions and potential exploits. The single unsanitized path, although minor in severity based on the provided data, adds another layer of concern.

Key Concerns

13 AJAX handlers without auth checks
Flow with unsanitized paths

Vulnerabilities

None known

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Release Timeline

v1.3.5Current

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.9

v1.2.8

v1.2.7

v1.2.6

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.9

v1.1.8

v1.1.7

v1.1.6

Code Analysis

Analyzed Mar 17, 2026

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

138 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

98% escaped141 total outputs

Data Flows · Security

1 unsanitized

Data Flow Analysis

3 flows1 with unsanitized paths

<class-pluginer-admin> (admin\class-pluginer-admin.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

13 unprotected

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Attack Surface

Entry Points13

Unprotected13

AJAX Handlers 13

authwp_ajax_plgnr_get_plugins_in_listincludes\class-pluginer.php:172

noprivwp_ajax_plgnr_get_plugins_in_list_listincludes\class-pluginer.php:173

authwp_ajax_plgnr_install_single_pluginincludes\class-pluginer.php:177

noprivwp_ajax_plgnr_install_single_pluginincludes\class-pluginer.php:178

authwp_ajax_plgnr_export_plugin_listincludes\class-pluginer.php:185

noprivwp_ajax_plgnr_export_plugin_listincludes\class-pluginer.php:186

authwp_ajax_plgnr_import_plugin_listincludes\class-pluginer.php:189

noprivwp_ajax_plgnr_import_plugin_listincludes\class-pluginer.php:190

authwp_ajax_plgnr_get_plugins_from_repoincludes\class-pluginer.php:194

noprivwp_ajax_plgnr_get_plugins_from_repoincludes\class-pluginer.php:195

authwp_ajax_plgnr_update_plugin_listincludes\class-pluginer.php:198

authwp_ajax_plgnr_get_required_pluginincludes\class-pluginer.php:200

authwp_ajax_plgnr_check_plugin_list_countincludes\class-pluginer.php:201

WordPress Hooks 37

actioninitincludes\class-pluginer-cpt.php:29

filtersave_postincludes\class-pluginer-cpt.php:30

filtergettextincludes\class-pluginer-cpt.php:31

filterpost_row_actionsincludes\class-pluginer-cpt.php:32

actionadmin_noticesincludes\class-pluginer-cpt.php:33

actionload-post-new.phpincludes\class-pluginer-cpt.php:34

filtermanage_plgnr_plugin_list_posts_columnsincludes\class-pluginer-cpt.php:35

actionmanage_plgnr_plugin_list_posts_custom_columnincludes\class-pluginer-cpt.php:36

actionsave_post_plgnr_plugin_listincludes\class-pluginer-cpt.php:37

filterbulk_actions-edit-plgnr_plugin_listincludes\class-pluginer-cpt.php:38

actionsave_post_plgnr_plugin_listincludes\class-pluginer-cpt.php:75

actionadd_meta_boxes_plgnr_plugin_listincludes\class-pluginer-cpt.php:83

actionadd_meta_boxesincludes\class-pluginer-metabox.php:29

actionsave_postincludes\class-pluginer-metabox.php:30

filterpluginer_is_premiumincludes\class-pluginer.php:77

actionplugins_loadedincludes\class-pluginer.php:149

actionadmin_enqueue_scriptsincludes\class-pluginer.php:161

actionadmin_enqueue_scriptsincludes\class-pluginer.php:162

actionadmin_menuincludes\class-pluginer.php:163

actionadmin_initincludes\class-pluginer.php:164

actioninitincludes\class-pluginer.php:165

actionplugins_loadedincludes\class-pluginer.php:166

actionadmin_post_plgnr_get_plugins_in_listincludes\class-pluginer.php:174

actionadmin_post_plgnr_install_single_pluginincludes\class-pluginer.php:179

actionadmin_post_plgnr_export_plugin_listincludes\class-pluginer.php:187

actionadmin_post_plgnr_import_plugin_listincludes\class-pluginer.php:191

actionadmin_post_plgnr_get_plugins_from_repoincludes\class-pluginer.php:193

actionadmin_noticesincludes\class-pluginer.php:202

actionload-postincludes\class-pluginer.php:203

actionload-post-new.phpincludes\class-pluginer.php:206

filterpluginer_canincludes\class-pluginer.php:207

filterpost_classincludes\class-pluginer.php:208

actionrest_api_initincludes\class-pluginer.php:209

actioninitincludes\class-pluginer.php:211

actioninitincludes\class-pluginer.php:212

actioncurrent_screenincludes\class-pluginer.php:213

actionpre_get_postsincludes\class-pluginer.php:217

Maintenance & Trust

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 2, 2026

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Alternatives

DazeStack Bulk Plugin Manager

dazestack-bulk-plugin-manager

100

The most beautiful, native Mac-like bulk plugin manager for WordPress. Import, export, and provision plugin stacks in one streamlined workspace.

0 No CVEs

UpdraftPlus: WP Backup & Migration Plugin

updraftplus

Backup, restore or migrate your WordPress website to another host or domain. Schedule backups or run manually. Migrate in minutes.

3.0M 14 CVEs

Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More

duplicator

The best WordPress backup and migration plugin. Quickly and easily backup ,migrate, copy, move, or clone your site from one location to another.

1.0M 15 CVEs

Migrate Guru – Site Migration & Cloning

migrate-guru

100

Effortlessly migrate, clone, or transfer your WordPress site to over 5,000 web hosts with Migrate Guru, trusted by Cloudways, Pantheon, and Dreamhost.

200K No CVEs

WP STAGING – WordPress Backup, Restore & Migration

wp-staging

Backup, restore, staging, and migration for WordPress. Create full-site backups and test updates safely. 100% Unit Tested.

100K 4 CVEs

Developer Profile

Pluginer (formerly Instalist) – WP bulk plugin install & migrate Developer Profile

codingfix

3 plugins · 1K total installs

100

trust score

Avg Security Score

100/100

Avg Patch Time

6 days

View full developer profile

Detection Fingerprints

How We Detect Pluginer (formerly Instalist) – WP bulk plugin install & migrate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/instalist/admin/js/pluginer-admin.js/wp-content/plugins/instalist/admin/css/pluginer-admin.css

Script Paths

/wp-content/plugins/instalist/admin/js/pluginer-admin.js

Version Parameters

instalist/admin/js/pluginer-admin.js?ver=instalist/admin/css/pluginer-admin.css?ver=

HTML / DOM Fingerprints

HTML Comments

+39 more

JS Globals

PLUGINER_VERSIONPLUGINER_ADMIN_JS_URLPLUGINER_URL

FAQ