Does InstaRank have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is InstaRank compatible with WordPress 6.9.4?

According to WordPress.org data, InstaRank 2.0.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is InstaRank compatible with PHP 7.4+?

InstaRank requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is InstaRank updated?

InstaRank was last updated on Mar 5, 2026. Frequent updates are generally a positive security signal.

What is InstaRank's security score?

InstaRank has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

InstaRank Security & Risk Analysis

wordpress.org/plugins/instarank

AI-powered SEO optimization and programmatic content for WordPress. Auto-apply improvements and sync custom post types.

0 active installs v2.0.9 PHP 7.4+ WP 5.6+ Updated Mar 5, 2026

aimeta-tagsoptimizationsearch-engineseo

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is InstaRank Safe to Use in 2026?

Generally Safe

Score 100/100

InstaRank has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The Instarank v2.0.9 plugin exhibits a generally good security posture with a high percentage of properly escaped outputs and prepared SQL statements. The absence of any recorded CVEs or historical vulnerabilities suggests a relatively stable and well-maintained codebase. However, several concerning aspects were identified during the static analysis. The presence of three dangerous functions (exec, shell_exec, proc_open) indicates a potential for severe command injection vulnerabilities if not handled with extreme care and robust input validation. Furthermore, the taint analysis revealed five high-severity flows with unsanitized paths, highlighting potential risks of arbitrary code execution or sensitive data exposure. The 3 unprotected REST API routes also present a direct attack vector for unauthenticated users. While the plugin has strengths in output sanitization and SQL practices, these identified risks, particularly the dangerous functions and high-severity taint flows, warrant significant attention and mitigation.

Key Concerns

High severity taint flows detected
Unprotected REST API routes
Presence of dangerous functions

Vulnerabilities

None known

InstaRank Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

InstaRank Release Timeline

v2.0.9Current

v2.0.8

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.5.9

v1.5.7

v1.5.6

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.9

Code Analysis

Analyzed Mar 17, 2026

InstaRank Code Analysis

Dangerous Functions

Raw SQL Queries

75 prepared

Unescaped Output

697 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

execexec($full_command, $output, $return_var);api\agent-endpoints.php:667

shell_execif (file_exists($path) || shell_exec("which $path 2>/dev/null")) {api\agent-endpoints.php:686

proc_open$process = proc_open($command, $descriptorspec, $pipes, $cwd);api\agent-endpoints.php:961

SQL Query Safety

88% prepared85 total queries

Output Escaping

98% escaped711 total outputs

Data Flows · Security

8 unsanitized

Data Flow Analysis

12 flows8 with unsanitized paths

maybe_render_virtual_page (includes\class-virtual-pages.php:174)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

3 unprotected

InstaRank Attack Surface

Entry Points138

Unprotected3

AJAX Handlers 15

authwp_ajax_instarank_save_pseo_fieldsincludes\class-classic-editor.php:40

authwp_ajax_instarank_import_external_imageincludes\class-classic-editor.php:43

authwp_ajax_instarank_test_connectioninstarank.php:108

authwp_ajax_instarank_check_connection_statusinstarank.php:109

authwp_ajax_instarank_confirm_oauth_connectioninstarank.php:110

authwp_ajax_instarank_sync_nowinstarank.php:111

authwp_ajax_instarank_approve_changeinstarank.php:112

authwp_ajax_instarank_reject_changeinstarank.php:113

authwp_ajax_instarank_rollback_changeinstarank.php:114

authwp_ajax_instarank_view_detailsinstarank.php:115

authwp_ajax_instarank_disconnectinstarank.php:116

authwp_ajax_instarank_reset_auth_attemptsinstarank.php:117

authwp_ajax_instarank_clear_historyinstarank.php:118

authwp_ajax_instarank_reset_robots_txtinstarank.php:119

authwp_ajax_instarank_save_dataset_urlinstarank.php:120

REST API Routes 105

POST/wp-json/instarank/v1/changes/applyapi\endpoints.php:20

GET/wp-json/instarank/v1/changesapi\endpoints.php:27

GET/wp-json/instarank/v1/changes/(?P<id>\d+)api\endpoints.php:34

POST/wp-json/instarank/v1/changes/bulkapi\endpoints.php:41

GET/wp-json/instarank/v1/testapi\endpoints.php:48

GET/wp-json/instarank/v1/infoapi\endpoints.php:55

GET/wp-json/instarank/v1/postsapi\endpoints.php:62

GET/wp-json/instarank/v1/posts/resolveapi\endpoints.php:69

POST/wp-json/instarank/v1/home/metaapi\endpoints.php:76

GET/wp-json/instarank/v1/healthapi\endpoints.php:85

POST/wp-json/instarank/v1/connection/confirmapi\endpoints.php:92

POST/wp-json/instarank/v1/dynamic-elements/renderapi\endpoints.php:99

GET/wp-json/instarank/v1/homepageapi\endpoints.php:108

GET/wp-json/instarank/v1/categoriesapi\endpoints.php:115

GET/wp-json/instarank/v1/tagsapi\endpoints.php:122

GET/wp-json/instarank/v1/authorsapi\endpoints.php:129

GET/wp-json/instarank/v1/post-typesapi\endpoints.php:136

POST/wp-json/instarank/v1/programmatic/post-typesapi\endpoints.php:143

PUT/wp-json/instarank/v1/programmatic/post-types/(?P<slug>[a-z0-9_-]+)api\endpoints.php:150

DELETE/wp-json/instarank/v1/programmatic/post-types/(?P<slug>[a-z0-9_-]+)api\endpoints.php:157

POST/wp-json/instarank/v1/programmatic/pagesapi\endpoints.php:164

POST/wp-json/instarank/v1/programmatic/check-existingapi\endpoints.php:171

DELETE/wp-json/instarank/v1/programmatic/pages/(?P<id>\d+)api\endpoints.php:178

GET/wp-json/instarank/v1/templates/(?P<id>\d+)/fieldsapi\endpoints.php:185

GET/wp-json/instarank/v1/templates/(?P<id>\d+)/mappingsapi\endpoints.php:192

GET/wp-json/instarank/v1/acf/fieldsapi\endpoints.php:201

GET/wp-json/instarank/v1/acf/statusapi\endpoints.php:208

GET/wp-json/instarank/v1/taxonomiesapi\endpoints.php:215

POST/wp-json/instarank/v1/categories/(?P<id>\d+)/metaapi\endpoints.php:222

POST/wp-json/instarank/v1/tags/(?P<id>\d+)/metaapi\endpoints.php:229

POST/wp-json/instarank/v1/authors/(?P<id>\d+)/metaapi\endpoints.php:236

GET/wp-json/instarank/v1/searchapi\endpoints.php:243

GET/wp-json/instarank/v1/404-pageapi\endpoints.php:250

GET/wp-json/instarank/v1/attachmentsapi\endpoints.php:257

GET/wp-json/instarank/v1/attachments/(?P<id>\d+)api\endpoints.php:264

POST/wp-json/instarank/v1/attachments/(?P<id>\d+)/metaapi\endpoints.php:271

POST/wp-json/instarank/v1/media/upload-optimizedapi\endpoints.php:280

POST/wp-json/instarank/v1/media/replace-urlsapi\endpoints.php:287

POST/wp-json/instarank/v1/media/bulk-upload-optimizedapi\endpoints.php:294

POST/wp-json/instarank/v1/regenerate-cssapi\endpoints.php:303

POST/wp-json/instarank/v1/clear-builder-cachesapi\endpoints.php:310

GET/wp-json/instarank/v1/css-status/(?P<id>\d+)api\endpoints.php:317

POST/wp-json/instarank/v1/schedule-css-regenerationapi\endpoints.php:324

POST/wp-json/instarank/v1/spintax/validateapi\endpoints.php:333

POST/wp-json/instarank/v1/spintax/previewapi\endpoints.php:340

POST/wp-json/instarank/v1/spintax/spinapi\endpoints.php:347

GET/wp-json/instarank/v1/woocommerce/is-activeapi\endpoints.php:354

GET/wp-json/instarank/v1/woocommerce/productsapi\endpoints.php:361

GET/wp-json/instarank/v1/woocommerce/products/(?P<id>\d+)api\endpoints.php:368

POST/wp-json/instarank/v1/woocommerce/products/(?P<id>\d+)/metaapi\endpoints.php:375

GET/wp-json/instarank/v1/woocommerce/shopapi\endpoints.php:382

GET/wp-json/instarank/v1/woocommerce/categoriesapi\endpoints.php:389

POST/wp-json/instarank/v1/woocommerce/categories/(?P<id>\d+)/metaapi\endpoints.php:396

GET/wp-json/instarank/v1/woocommerce/cartapi\endpoints.php:403

GET/wp-json/instarank/v1/woocommerce/checkoutapi\endpoints.php:410

GET/wp-json/instarank/v1/page-typesapi\endpoints.php:417

POST/wp-json/instarank/v1/bulk-metaapi\endpoints.php:426

POST/wp-json/instarank/v1/bulk-robotsapi\endpoints.php:433

GET/wp-json/instarank/v1/mediaapi\endpoints.php:440

POST/wp-json/instarank/v1/media/(?P<id>\d+)/alt-textapi\endpoints.php:447

POST/wp-json/instarank/v1/media/find-by-urlapi\endpoints.php:454

POST/wp-json/instarank/v1/media/update-alt-by-urlapi\endpoints.php:461

POST/wp-json/instarank/v1/analyze-contentapi\endpoints.php:468

GET/wp-json/instarank/v1/crawl-dataapi\endpoints.php:477

GET/wp-json/instarank/v1/crawl-data/pageapi\endpoints.php:484

GET/wp-json/instarank/v1/multilang/infoapi\endpoints.php:493

POST/wp-json/instarank/v1/multilang/set-languageapi\endpoints.php:500

POST/wp-json/instarank/v1/multilang/link-translationsapi\endpoints.php:507

GET/wp-json/instarank/v1/media/analyze-usageapi\endpoints.php:516

GET/wp-json/instarank/v1/media/(?P<id>\d+)/usageapi\endpoints.php:523

POST/wp-json/instarank/v1/media/(?P<id>\d+)/deleteapi\endpoints.php:530

POST/wp-json/instarank/v1/media/bulk-deleteapi\endpoints.php:537

POST/wp-json/instarank/v1/media/restoreapi\endpoints.php:544

POST/wp-json/instarank/v1/media/(?P<id>\d+)/renameapi\endpoints.php:551

POST/wp-json/instarank/v1/media/bulk-renameapi\endpoints.php:558

POST/wp-json/instarank/v1/media/(?P<id>\d+)/metadataapi\endpoints.php:565

POST/wp-json/instarank/v1/media/bulk-update-metadataapi\endpoints.php:572

POST/wp-json/instarank/v1/content/update-image-attributesapi\endpoints.php:579

POST/wp-json/instarank/v1/content/bulk-update-image-attributesapi\endpoints.php:586

GET/wp-json/instarank/v1/sitemap/settingsapi\endpoints.php:595

POST/wp-json/instarank/v1/sitemap/settingsapi\endpoints.php:602

GET/wp-json/instarank/v1/sitemap/availableapi\endpoints.php:609

POST/wp-json/instarank/v1/sitemap/regenerateapi\endpoints.php:616

GET/wp-json/instarank/v1/sitemap/previewapi\endpoints.php:623

GET/wp-json/instarank/v1/robots-txtapi\endpoints.php:630

POST/wp-json/instarank/v1/robots-txtapi\endpoints.php:637

POST/wp-json/instarank/v1/robots-txt/resetapi\endpoints.php:644

GET/wp-json/instarank/v1/llms-txtapi\endpoints.php:651

POST/wp-json/instarank/v1/llms-txtapi\endpoints.php:658

POST/wp-json/instarank/v1/llms-txt/resetapi\endpoints.php:665

GET/wp-json/instarank/v1/indexnow/submitincludes\class-indexnow.php:480

GET/wp-json/instarank/v1/indexnow/configincludes\class-indexnow.php:502

GET/wp-json/instarank/v1/indexnow/configincludes\class-indexnow.php:508

GET/wp-json/instarank/v1/indexnow/logincludes\class-indexnow.php:520

GET/wp-json/instarank/v1/page-builder/(?P<id>\d+)includes\class-page-builder-api.php:28

POST/wp-json/instarank/v1/page-builder/(?P<id>\d+)includes\class-page-builder-api.php:43

POST/wp-json/instarank/v1/page-builder/detectincludes\class-page-builder-api.php:66

GET/wp-json/instarank/v1/page-builder/postsincludes\class-page-builder-api.php:79

GET/wp-json/instarank/v1/page-buildersincludes\class-page-builder-api.php:100

GET/wp-json/instarank/v1/templates/scanincludes\class-page-builder-api.php:107

POST/wp-json/instarank/v1/templates/importincludes\class-page-builder-api.php:114

GET/wp-json/instarank/v1/random-postincludes\class-random-post.php:341

GET/wp-json/instarank/v1/related-linksincludes\class-related-links.php:69

POST/wp-json/instarank/v1/related-links/auto-insertincludes\class-related-links.php:93

GET/wp-json/instarank/v1/virtual-sitemap.xmlincludes\class-virtual-pages.php:445

Shortcodes 18

[instarank_breadcrumbs] includes\class-breadcrumbs.php:54

[instarank_random_post] includes\class-random-post.php:47

[instarank_related] includes\class-related-links.php:53

[instarank_toc] includes\class-wp-shortcodes.php:46

[instarank_post_count] includes\class-wp-shortcodes.php:47

[instarank_current_date] includes\class-wp-shortcodes.php:48

[instarank_share] includes\class-wp-shortcodes.php:49

[instarank_reading_time] includes\class-wp-shortcodes.php:50

[instarank_post_list] includes\class-wp-shortcodes.php:51

[instarank_faq] includes\class-wp-shortcodes.php:52

[instarank_faq_item] includes\class-wp-shortcodes.php:53

[instarank_pros_cons] includes\class-wp-shortcodes.php:54

[instarank_last_modified] includes\class-wp-shortcodes.php:55

[instarank_custom_field] includes\class-wp-shortcodes.php:56

[instarank_alert] includes\class-wp-shortcodes.php:57

[instarank_progress_bar] includes\class-wp-shortcodes.php:58

[instarank_post_nav] includes\class-wp-shortcodes.php:59

[instarank_sitemap] includes\class-wp-shortcodes.php:60

WordPress Hooks 60

actionrest_api_initapi\agent-endpoints.php:37

actionrest_api_initapi\endpoints.php:12

actionwp_headincludes\class-breadcrumbs.php:58

actionadd_meta_boxesincludes\class-classic-editor.php:34

actionsave_postincludes\class-classic-editor.php:35

actionsave_postincludes\class-classic-editor.php:36

actionadmin_enqueue_scriptsincludes\class-classic-editor.php:37

actionsave_postincludes\class-classic-editor.php:1398

actionsave_postincludes\class-classic-editor.php:1399

actionsave_postincludes\class-classic-editor.php:1576

actionsave_postincludes\class-classic-editor.php:1577

actionpublish_postincludes\class-indexnow.php:68

actionpublish_pageincludes\class-indexnow.php:69

actionwp_insert_postincludes\class-indexnow.php:72

actionadmin_initincludes\class-indexnow.php:75

actionrest_api_initincludes\class-indexnow.php:78

actioninitincludes\class-indexnow.php:81

actiontemplate_redirectincludes\class-indexnow.php:82

actioninitincludes\class-llms-txt.php:35

actiontemplate_redirectincludes\class-llms-txt.php:36

filterquery_varsincludes\class-llms-txt.php:37

actionrest_api_initincludes\class-page-builder-api.php:20

actionwp_footerincludes\class-random-post.php:48

actionrest_api_initincludes\class-random-post.php:49

actionrest_api_initincludes\class-related-links.php:56

filterthe_contentincludes\class-related-links.php:59

actionadmin_initincludes\class-related-links.php:62

filterrobots_txtincludes\class-robots-txt.php:34

actiondo_robotstxtincludes\class-robots-txt.php:35

actionwp_headincludes\class-schema-generator.php:35

actionwp_headincludes\class-schema-injector.php:16

actioninitincludes\class-sitemap-generator.php:45

actiontemplate_redirectincludes\class-sitemap-generator.php:46

actionsave_postincludes\class-sitemap-generator.php:47

actiondeleted_postincludes\class-sitemap-generator.php:48

actioncreated_termincludes\class-sitemap-generator.php:49

actionedited_termincludes\class-sitemap-generator.php:50

actiondeleted_termincludes\class-sitemap-generator.php:51

filterquery_varsincludes\class-sitemap-generator.php:87

actiontemplate_redirectincludes\class-virtual-pages.php:54

actionrest_api_initincludes\class-virtual-pages.php:57

filterrobots_txtincludes\class-virtual-pages.php:60

actioninitincludes\class-virtual-pages.php:63

actionwp_headincludes\class-virtual-pages.php:343

actionwp_headincludes\class-virtual-pages.php:402

filterthe_contentincludes\class-wp-shortcodes.php:63

actionwp_footerincludes\class-wp-shortcodes.php:64

actionadmin_menuinstarank.php:90

actionadmin_enqueue_scriptsinstarank.php:96

actionadmin_noticesinstarank.php:99

actionwp_headinstarank.php:102

filterrender_block_kadence/imageinstarank.php:105

filterpre_get_document_titleinstarank.php:233

filterpre_get_document_titleinstarank.php:266

actioninitinstarank.php:1111

filterquery_varsinstarank.php:1170

filterpost_type_linkinstarank.php:1186

actionplugins_loadedinstarank.php:1347

actionenqueue_block_editor_assetsintegrations\gutenberg\class-gutenberg-integration.php:34

actionrest_api_initintegrations\gutenberg\class-gutenberg-integration.php:35

Scheduled Events 1

instarank_regenerate_css_batch

Maintenance & Trust

InstaRank Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 5, 2026

PHP min version7.4

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

InstaRank Alternatives

SEO that Matters

seo-that-matters

A lightweight plugin to make your site more SEO (and Social Media) Friendly in a non-intrusive way.

10 No CVEs

CranSEO

cranseo

100

Optimize your product pages for search engines and AI language models, generate high-quality content with AI, and manage XML sitemaps efficiently

0 No CVEs

KeywordPilot SEO

keywordpilot-seo

100

A lightweight SEO plugin for managing unlimited keywords with clean, minimal interface.

0 No CVEs

Ladder SEO

ladder-seo

100

Ladder SEO is a powerful all-in-one SEO automation plugin designed to simplify search engine optimization for WordPress.

0 No CVEs

Sengeku Meta Description Manager

sengeku-meta-description-manager

100

A lightweight meta description manager with an elegant interface and character counter for optimal SEO results.

0 No CVEs

Developer Profile

InstaRank Developer Profile

instarank

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect InstaRank

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/instarank/build/css/instarank-admin.css/wp-content/plugins/instarank/build/js/instarank-admin.js/wp-content/plugins/instarank/build/css/instarank-frontend.css/wp-content/plugins/instarank/build/js/instarank-frontend.js/wp-content/plugins/instarank/build/js/instarank-blocks.js/wp-content/plugins/instarank/build/css/instarank-blocks.css

Script Paths

/wp-content/plugins/instarank/build/js/instarank-admin.js/wp-content/plugins/instarank/build/js/instarank-frontend.js/wp-content/plugins/instarank/build/js/instarank-blocks.js

Version Parameters

instarank/build/css/instarank-admin.css?ver=instarank/build/js/instarank-admin.js?ver=instarank/build/css/instarank-frontend.css?ver=instarank/build/js/instarank-frontend.js?ver=instarank/build/js/instarank-blocks.js?ver=instarank/build/css/instarank-blocks.css?ver=

HTML / DOM Fingerprints

CSS Classes

instarank-admin-wrapinstarank-setting-fieldinstarank-settings-noticeinstarank-spinnerinstarank-overlayinstarank-modal-contentinstarank-modal-headerinstarank-modal-body+2 more

HTML Comments

Data Attributes

data-instarank-settingdata-instarank-modal-targetdata-instarank-dismiss

JS Globals

window.instarankAdminwindow.instarankFrontendwindow.instarankBlocks

REST Endpoints

/wp-json/instarank/v1/test_connection/wp-json/instarank/v1/connection_status/wp-json/instarank/v1/confirm_oauth/wp-json/instarank/v1/sync_now/wp-json/instarank/v1/approve_change/wp-json/instarank/v1/reject_change/wp-json/instarank/v1/rollback_change/wp-json/instarank/v1/view_details/wp-json/instarank/v1/disconnect/wp-json/instarank/v1/reset_auth_attempts/wp-json/instarank/v1/clear_history/wp-json/instarank/v1/reset_robots_txt/wp-json/instarank/v1/save_dataset_url/wp-json/instarank/v1/agent/sync_now/wp-json/instarank/v1/agent/get_prompt_suggestions

FAQ

InstaRank Security & Risk Analysis

Is InstaRank Safe to Use in 2026?

Generally Safe

Key Concerns

InstaRank Security Vulnerabilities

InstaRank Release Timeline

InstaRank Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

InstaRank Attack Surface

AJAX Handlers 15

REST API Routes 105

Shortcodes 18

Scheduled Events 1

InstaRank Maintenance & Trust

Maintenance Signals

Community Trust

InstaRank Alternatives

SEO that Matters

CranSEO

KeywordPilot SEO

Ladder SEO

Sengeku Meta Description Manager

InstaRank Developer Profile

How We Detect InstaRank

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about InstaRank