Does iSape have any unpatched vulnerabilities?

Yes — iSape currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is iSape compatible with WordPress 3?

According to WordPress.org data, iSape 0.72 (02-05-2010) has been tested up to WordPress 3. Check the plugin's changelog for the latest compatibility information.

How often is iSape updated?

iSape was last updated on Aug 1, 2012. Frequent updates are generally a positive security signal.

What is iSape's security score?

iSape has a WP-Safety security score of 63/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

iSape Security & Risk Analysis

wordpress.org/plugins/isape

100 active installs v0.72 (02-05-2010) PHP + WP 2.3+ Updated Aug 1, 2012

automaticlinklinksseowidget

C · Use Caution

CVEs total1

Unpatched1

Last CVEJan 27, 2026

Plugin page Download

Safety Verdict

Is iSape Safe to Use in 2026?

Use With Caution

Score 63/100

iSape has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Jan 27, 2026Updated 13yr ago

Risk Assessment

The 'isape' plugin version 0.72 exhibits a concerning security posture despite some positive indicators. While the static analysis shows no dangerous functions, a complete absence of AJAX handlers, REST API routes, shortcodes, and cron events, and all SQL queries using prepared statements, these strengths are overshadowed by significant weaknesses. A substantial 78% of output escaping is improperly handled, creating a high risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, all four analyzed taint flows resulted in unsanitized paths, indicating potential for serious security issues, though their severity is not classified as critical or high. The plugin also lacks any nonce or capability checks, leaving any potential entry points unprotected. The vulnerability history is particularly worrying, with one unpatched medium severity CVE classified as Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), which aligns with the output escaping issues. The plugin's age (2010) and the recency of the reported vulnerability (2026, though likely a typo and intended to be in the past) suggest a history of security flaws that have not been adequately addressed over time. The lack of bundled libraries is a minor positive, but it doesn't mitigate the more critical issues.

Key Concerns

Unpatched Medium Severity CVE
High percentage of unescaped output (78%)
All taint flows have unsanitized paths
No nonce checks
No capability checks

Vulnerabilities

iSape Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-68847medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

iSape <= 0.72 - Reflected Cross-Site Scripting

Jan 27, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

iSape Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

16 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

22% escaped74 total outputs

Data Flows

4 unsanitized

Data Flow Analysis

4 flows4 with unsanitized paths

itex_s_widget_links_control (iSape.php:521)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

iSape Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionwidgets_initiSape.php:118

actionadmin_menuiSape.php:120

actionwp_footeriSape.php:121

actionwp_footeriSape.php:209

filterthe_contentiSape.php:217

filterthe_excerptiSape.php:218

filterthe_contentiSape.php:344

filterthe_excerptiSape.php:345

Maintenance & Trust

iSape Maintenance & Trust

Maintenance Signals

WordPress version tested3

Last updatedAug 1, 2012

PHP min version

Downloads53K

Community Trust

Rating100/100

Number of ratings2

Active installs100

Alternatives

iSape Alternatives

iMoney

imoney

Plugin iMoney is meant for monetize your blog using Adsense, sape.ru, tnx.net and other systems.

100 1 unpatched

Uptopromo Publisher Indonesia

uptopromo-publisher-indonesia

Plugin UpToPromo untuk Publisher di Indonesia membantu menginstal kode PHP untuk slot iklan UpToPromo pada situs Wordpress hanya dengan 3 klik saja.

10 No CVEs

Internal Link Juicer: SEO Auto Linker for WordPress

internal-links

Improve your SEO and your user experience through internal linkbuilding. Automated links between your posts based on a smart keyword configuration.

90K 2 CVEs

Autolinks Manager – SEO Auto Linker

daext-autolinks-manager

100

Automate your affiliate links, increase product page visits, link glossary keywords, and more with this advanced SEO auto-linker plugin.

2K 1 CVE

Automatic Internal Links for SEO by Pagup

automatic-internal-links-for-seo

This fully automated plugin creates and boosts your internal linking in 2 clicks, using Yoast / Rank Math Focus keywords as anchor text for internal l …

1K 1 CVE

Developer Profile

iSape Developer Profile

LitExtension

6 plugins · 3K total installs

trust score

Avg Security Score

84/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect iSape

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/isape/itex_sape_admin.css/wp-content/plugins/isape/itex_sape_styles.css

Script Paths

/wp-content/plugins/isape/itex_sape_admin.js

Version Parameters

isape/itex_sape_admin.css?ver=isape/itex_sape_styles.css?ver=isape/itex_sape_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

itex_sape_widget

HTML Comments

JS Globals

itex_sape_options

Shortcode Output

[isape][sape_links][sape_context]

FAQ