Intervention Security & Risk Analysis

wordpress.org/plugins/intervention

Less But Better — Dieter Rams.

400 active installs · v2.0.0 · PHP 7.4+ · WP 5.0+ · Updated Jul 12, 2023
Tags: admin, options, settings, version-control, wp-admin
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Intervention Safe to Use in 2026?

Generally Safe

Score 85/100

Intervention has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "intervention" plugin v2.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, utilizing prepared statements exclusively, and the vast majority of its output is properly escaped, mitigating risks of cross-site scripting. Furthermore, the plugin has no recorded vulnerabilities, including CVEs, which suggests a history of secure development and maintenance. The absence of external HTTP requests and bundled libraries also reduces potential attack vectors.

However, significant concerns arise from the analysis of its attack surface. The plugin exposes two REST API routes without any permission callbacks, creating direct entry points for unauthenticated access. This lack of authorization on critical endpoints is a major security flaw. While taint analysis did not reveal any specific unsanitized paths, the presence of unprotected REST API routes represents a significant risk of unauthorized data manipulation or information disclosure, as any user could potentially interact with these endpoints.

In conclusion, while the plugin scores well on internal code quality like SQL and output escaping, and has a clean vulnerability history, the unprotected REST API routes are a critical weakness. This oversight could be exploited by attackers to perform actions they are not permitted to, undermining the overall security of a WordPress site. Addressing these unprotected entry points should be the highest priority.

Key Concerns

  • Unprotected REST API routes
  • No capability checks on REST API
  • Minor output escaping concern
Vulnerabilities
None known

Intervention Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Intervention Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 1 (10 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 3
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

91% escaped · 11 total outputs
Attack Surface
2 unprotected

Intervention Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes: 2

GET  /wp-json/intervention/v2/import  src\UserInterface.php:100
GET  /wp-json/intervention/v2/export  src\UserInterface.php:105
WordPress Hooks: 129

filter  customize_previewable_devices  src\Admin\Appearance\Customize.php:88
action  admin_init  src\Admin\Appearance\Customize.php:91
action  customize_register  src\Admin\Appearance\Customize.php:92
action  admin_head-nav-menus.php  src\Admin\Appearance\Menus.php:88
action  admin_enqueue_scripts  src\Admin\Appearance\Menus.php:89
action  admin_head-themes.php  src\Admin\Appearance\Themes.php:82
action  admin_head-widgets.php  src\Admin\Appearance\Widgets.php:156
action  widgets_init  src\Admin\Appearance\Widgets.php:157
action  after_setup_theme  src\Admin\Appearance\Widgets.php:158
filter  gutenberg_use_widgets_block_editor  src\Admin\Appearance\Widgets.php:164
filter  use_widgets_block_editor  src\Admin\Appearance\Widgets.php:165
action  admin_init  src\Admin\Appearance\Widgets.php:168
action  admin_head-widgets.php  src\Admin\Appearance\Widgets.php:200
action  admin_head-edit-comments.php  src\Admin\Comments\All.php:108
action  admin_head  src\Admin\Common\Adminbar.php:86
filter  show_admin_bar  src\Admin\Common\Adminbar.php:98
action  wp_before_admin_bar_render  src\Admin\Common\Adminbar.php:101
filter  admin_footer_text  src\Admin\Common\Footer.php:53
filter  update_footer  src\Admin\Common\Footer.php:60
action  admin_head  src\Admin\Common\Menu.php:52
filter  custom_menu_order  src\Admin\Common\Menu.php:104
action  menu_order  src\Admin\Common\Menu.php:106
filter  pre_site_transient_update_core  src\Admin\Common\Updates.php:53
filter  pre_site_transient_update_plugins  src\Admin\Common\Updates.php:54
filter  pre_site_transient_update_themes  src\Admin\Common\Updates.php:55
action  admin_head-index.php  src\Admin\Dashboard\Home.php:93
action  wp_dashboard_setup  src\Admin\Dashboard\Home.php:94
action  login_head  src\Admin\Login.php:52
filter  disable_months_dropdown  src\Admin\Media\All.php:115
action  admin_init  src\Admin\Media\All.php:118
action  admin_head-upload.php  src\Admin\Media\All.php:119
filter  disable_months_dropdown  src\Admin\Pages\All.php:130
action  admin_head-edit.php  src\Admin\Pages\All.php:133
action  admin_head-plugin-install.php  src\Admin\Plugins\Add.php:88
filter  install_plugins_tabs  src\Admin\Plugins\Add.php:89
filter  plugin_install_action_links  src\Admin\Plugins\Add.php:90
filter  bulk_actions-plugins  src\Admin\Plugins\All.php:111
filter  plugin_row_meta  src\Admin\Plugins\All.php:112
filter  disable_months_dropdown  src\Admin\Posts\All.php:128
action  admin_head-edit.php  src\Admin\Posts\All.php:131
action  admin_head-edit-tags.php  src\Admin\Posts\Categories\All.php:116
action  admin_head-edit-tags.php  src\Admin\Posts\Categories\Item.php:73
action  admin_head-term.php  src\Admin\Posts\Categories\Item.php:74
action  admin_head-edit-tags.php  src\Admin\Posts\Tags\All.php:116
action  admin_head-edit-tags.php  src\Admin\Posts\Tags\Item.php:73
action  admin_head-term.php  src\Admin\Posts\Tags\Item.php:74
action  admin_head-options-discussion.php  src\Admin\Settings\Discussion.php:98
action  admin_head-options-general.php  src\Admin\Settings\General.php:92
action  admin_head-options-media.php  src\Admin\Settings\Media.php:70
action  admin_head-options-permalink.php  src\Admin\Settings\Permalinks.php:75
action  admin_head-options-privacy.php  src\Admin\Settings\Privacy.php:69
action  admin_head-options-reading.php  src\Admin\Settings\Reading.php:74
action  admin_head-options-writing.php  src\Admin\Settings\Writing.php:72
action  current_screen  src\Admin\Support\All\Pagination.php:84
action  enqueue_block_editor_assets  src\Admin\Support\BlockEditor.php:59
action  admin_head  src\Admin\Support\BlockEditor.php:60
action  admin_menu  src\Admin\Support\Menu.php:74
action  admin_menu  src\Admin\Support\Menu.php:97
action  admin_menu  src\Admin\Support\Menu.php:117
action  admin_init  src\Admin\Support\PostComponents.php:51
action  admin_head  src\Admin\Support\PostComponents.php:95
action  admin_init  src\Admin\Support\Router.php:65
filter  screen_options_show_screen  src\Admin\Support\Tabs.php:241
action  admin_head-user-new.php  src\Admin\Users\Add.php:69
action  admin_head-users.php  src\Admin\Users\All.php:103
action  admin_head-user-new.php  src\Admin\Users\Profile.php:122
action  admin_head-user-edit.php  src\Admin\Users\Profile.php:123
action  admin_head-profile.php  src\Admin\Users\Profile.php:124
filter  editable_roles  src\Admin\Users\Profile.php:125
action  init  src\Application\Discussion.php:97
action  admin_head-options-discussion.php  src\Application\Discussion.php:98
action  init  src\Application\General.php:64
action  admin_head-options-general.php  src\Application\General.php:65
filter  admin_email_check_interval  src\Application\General.php:91
filter  admin_email_check_interval  src\Application\General.php:100
filter  wp_mail_from  src\Application\General.php:110
filter  wp_mail_from_name  src\Application\General.php:117
action  upload_mimes  src\Application\Media\Mimes.php:52
filter  wp_check_filetype_and_ext  src\Application\Media\Mimes.php:53
action  init  src\Application\Media\Sizes.php:69
action  admin_head-options-media.php  src\Application\Media\Sizes.php:70
filter  intermediate_image_sizes  src\Application\Media\Sizes.php:99
action  init  src\Application\Media\Uploads.php:44
action  admin_head-options-media.php  src\Application\Media\Uploads.php:45
action  init  src\Application\Menus.php:48
action  init  src\Application\Permalinks.php:47
action  admin_head-options-permalink.php  src\Application\Permalinks.php:48
action  template_redirect  src\Application\Permalinks.php:77
action  admin_init  src\Application\Plugins.php:50
action  init  src\Application\Posttypes.php:61
action  init  src\Application\Privacy.php:43
action  admin_head-options-privacy.php  src\Application\Privacy.php:44
action  init  src\Application\Reading.php:49
action  admin_head-options-reading.php  src\Application\Reading.php:50
filter  rest_endpoints  src\Application\Support\Comments.php:31
action  wp_loaded  src\Application\Support\Comments.php:32
action  admin_init  src\Application\Support\Comments.php:33
action  admin_head-index.php  src\Application\Support\Comments.php:34
action  template_redirect  src\Application\Support\Comments.php:37
filter  comments_open  src\Application\Support\Comments.php:38
filter  pings_open  src\Application\Support\Comments.php:39
filter  post_comments_feed_link  src\Application\Support\Comments.php:40
filter  comments_link_feed  src\Application\Support\Comments.php:41
filter  comment_link  src\Application\Support\Comments.php:42
filter  get_comments_number  src\Application\Support\Comments.php:43
filter  feed_links_show_comments_feed  src\Application\Support\Comments.php:44
filter  comments_template  src\Application\Support\Comments.php:121
filter  emoji_svg_url  src\Application\Support\Emoji.php:36
filter  tiny_mce_plugins  src\Application\Support\Emoji.php:37
action  wp_loaded  src\Application\Support\Posttypes\Remove.php:59
filter  rewrite_rules_array  src\Application\Support\Posttypes\RemoveAttachment.php:42
filter  wp_unique_post_slug  src\Application\Support\Posttypes\RemoveAttachment.php:43
filter  request  src\Application\Support\Posttypes\RemoveAttachment.php:44
filter  attachment_link  src\Application\Support\Posttypes\RemoveAttachment.php:45
action  template_redirect  src\Application\Support\Posttypes\RemoveAttachment.php:48
filter  register_post_type_args  src\Application\Support\Posttypes\RemoveAttachment.php:49
action  wp_loaded  src\Application\Support\Taxonomies\Remove.php:57
action  init  src\Application\Taxonomies.php:62
action  init  src\Application\Theme.php:46
action  init  src\Application\Writing.php:56
action  admin_head-options-writing.php  src\Application\Writing.php:57
action  init  src\Application\Writing.php:60
action  plugins_loaded  src\Intervention.php:83
action  admin_head  src\UserInterface\Support\UserColorSchemeCustomProps.php:29
action  admin_footer  src\UserInterface\Support\UserColorSchemeCustomProps.php:43
action  admin_menu  src\UserInterface.php:68
action  rest_api_init  src\UserInterface.php:92
action  plugins_loaded  src\UserInterface.php:123
action  admin_enqueue_scripts  src\UserInterface.php:141
Maintenance & Trust

Intervention Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.0.11
Last updated: Jul 12, 2023
PHP min version: 7.4
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 400
Developer Profile

Intervention Developer Profile

Darren Jacoby

1 plugin · 400 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Intervention

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: nav-menus-php
JS Globals: jQuery