Does IVGuard have any unpatched vulnerabilities?

No. All known vulnerabilities in IVGuard have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is IVGuard compatible with WordPress 4.7.32?

According to WordPress.org data, IVGuard 1.2.3 has been tested up to WordPress 4.7.32. Check the plugin's changelog for the latest compatibility information.

How often is IVGuard updated?

IVGuard was last updated on Dec 21, 2016. Frequent updates are generally a positive security signal.

What is IVGuard's security score?

IVGuard has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

IVGuard Security & Risk Analysis

wordpress.org/plugins/ivguard

IVGuard is the plugin that specialized for the protection and monitoring against the attacks to your website. Now you see and know everything.

10 active installs v1.2.3 PHP + WP 4.4+ Updated Dec 21, 2016

preventionprotectprotectionsecuresecurity

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is IVGuard Safe to Use in 2026?

Generally Safe

Score 85/100

IVGuard has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The 'ivguard' plugin v1.2.3 exhibits a mixed security posture. On one hand, it presents a very small attack surface with no apparent AJAX handlers, REST API routes, shortcodes, or cron events, and critically, zero unprotected entry points. This suggests a deliberate effort to limit potential avenues for attack. Furthermore, the plugin avoids the use of dangerous functions and does not bundle any libraries, which are positive security indicators. However, significant concerns arise from the static analysis results. A high percentage of SQL queries are not using prepared statements, and alarmingly, none of the identified output operations are properly escaped. The taint analysis reveals a concerning number of flows with unsanitized paths, with a notable six classified as high severity. The absence of nonce checks and capability checks, especially in conjunction with potential SQL injection risks and unescaped output, presents a substantial risk. The plugin's history of zero known vulnerabilities is positive, but it is not a guarantee of future safety, especially given the current code-level weaknesses. The core risks lie in the insecure handling of data, particularly the unsanitized paths and unescaped outputs, which could lead to various injection attacks if even a single entry point were to be discovered or created in the future.

Key Concerns

High severity unsanitized taint flows
No output escaping
65% of SQL queries not prepared
No nonce checks
No capability checks

Vulnerabilities

None known

IVGuard Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

IVGuard Code Analysis

Dangerous Functions

Raw SQL Queries

20 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

65% prepared31 total queries

Output Escaping

0% escaped5 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

8 flows8 with unsanitized paths

settingsPage (IVGuard.php:144)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

IVGuard Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 12

actionadmin_noticesIVGuard.php:13

actioninitIVGuard.php:19

actionplugins_loadedIVGuard.php:20

actiontemplate_redirectIVGuard.php:21

actionadmin_menuIVGuard.php:22

actionwp_login_failedIVGuard.php:23

actionlogin_formIVGuard.php:24

actionpassword_resetIVGuard.php:25

actionadmin_post_ivguard_settingsIVGuard.php:26

filterlogin_redirectIVGuard.php:27

filterauthenticateIVGuard.php:28

actionlogin_headIVGuard.php:676

Maintenance & Trust

IVGuard Maintenance & Trust

Maintenance Signals

WordPress version tested4.7.32

Last updatedDec 21, 2016

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

IVGuard Alternatives

Spam Protect for Contact Form 7

wp-contact-form-7-spam-blocker

Spam Protect for Contact-Form7 protects from spam and bots. Customize defense strategies and monitor blocked attempts. Protect your time effectively!

10K 1 CVE

CopySafe PDF Protection – Copy Protect PDF

wp-copysafe-pdf

100

Display copy protected PDF documents on WordPress pages and posts.

400 No CVEs

KillBot

killbot

100

The KillBot plugin for WordPress uses the external KillBot service to protect websites from bots and automated traffic.

50 No CVEs

Autentify anti fraud for WooCommerce

autentify-anti-fraud-for-woocommerce

AUTENTIFY é uma plataforma de prevenção a fraude em tempo real que ajuda comerciantes de todos os tamanhos na tomada de decisão.

10 No CVEs

Campaign AI

campaign-ai

100

Campaign AI integration plugin that protects websites and ad campaigns from bots and invalid traffic using real-time click fraud detection.

0 No CVEs

Developer Profile

IVGuard Developer Profile

manky

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect IVGuard

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/ivguard/admin/css/ivguard.css/wp-content/plugins/ivguard/admin/js/ivguard.js

HTML / DOM Fingerprints

CSS Classes

ivguard

Data Attributes

data-clipboard-target

JS Globals

ivGuard

FAQ