Does KCite have any unpatched vulnerabilities?

No. All known vulnerabilities in KCite have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is KCite compatible with WordPress 4.4.34?

According to WordPress.org data, KCite 1.6.3 has been tested up to WordPress 4.4.34. Check the plugin's changelog for the latest compatibility information.

How often is KCite updated?

KCite was last updated on Apr 7, 2016. Frequent updates are generally a positive security signal.

What is KCite's security score?

KCite has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

KCite Security & Risk Analysis

wordpress.org/plugins/kcite

A tool for producing citations and bibliographies in Wordpress posts. Developed for the Knowledgeblog project (http://knowledgeblog.org).

50 active installs v1.6.3 PHP + WP 3.0+ Updated Apr 7, 2016

citationscrossrefdoipubmedreferences

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is KCite Safe to Use in 2026?

Generally Safe

Score 85/100

KCite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 9yr ago

Risk Assessment

The kcite plugin version 1.6.3 presents a generally positive security posture based on the static analysis. The plugin demonstrates good practices by not exposing any AJAX handlers or REST API routes without proper authentication and authorization checks, which significantly limits its attack surface. Furthermore, all SQL queries utilize prepared statements, indicating a strong defense against SQL injection vulnerabilities. The absence of file operations and dangerous functions is also a positive sign. However, there are areas for improvement. The low percentage of properly escaped output (20%) is a significant concern, as it exposes the plugin to potential Cross-Site Scripting (XSS) vulnerabilities if user-supplied data is not handled carefully. While no critical or high severity taint flows were detected, one flow with an unsanitized path suggests a potential for indirect path traversal vulnerabilities, which warrants further investigation. The plugin's vulnerability history is clean, with no recorded CVEs, suggesting a track record of secure development or infrequent targeting, but this cannot be solely relied upon for long-term security. The overall security is good due to the lack of common critical vulnerabilities, but the output escaping and unsanitized path flow are notable weaknesses that could be exploited.

Key Concerns

Low output escaping percentage
Unsanitized path flow detected

Vulnerabilities

None known

KCite Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

KCite Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

20% escaped5 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

2 flows1 with unsanitized paths

admin_save (kcite-admin.php:188)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

KCite Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[cite] kcite.php:78

[fullcite] kcite.php:81

WordPress Hooks 7

actionadmin_menukcite-admin.php:25

filterthe_contentkcite.php:71

filterthe_contentkcite.php:74

actionwp_footerkcite.php:84

filterplugin_action_linkskcite.php:95

filterquery_varskcite.php:98

actiontemplate_redirectkcite.php:100

Maintenance & Trust

KCite Maintenance & Trust

Maintenance Signals

WordPress version tested4.4.34

Last updatedApr 7, 2016

PHP min version

Downloads8K

Community Trust

Rating90/100

Number of ratings2

Active installs50

Alternatives

KCite Alternatives

Citation Importer

citation-importer

Import a citation or bibliography as posts.

20 No CVEs

CiteKit – Citation and Reference Manager

citation-reference-manager

100

Add in-text citations, tooltips, and auto-generated bibliography to your WordPress posts in APA, MLA, Chicago and more.

20 No CVEs

WebKew WP References and Citations

webkew-wp-references-and-citations

100

A WordPress plugin that automatically generates a bibliography from citations added to a WP post/page/custom post type.

10 No CVEs

Modern Footnotes

modern-footnotes

Add inline footnotes to your posts. On desktop, the footnotes will appear as tooltips. On mobile, the footnote will expand beneath the text.

6K 3 CVEs

Resizable Sidebar for the Gutenberg Block Editor

resizable-editor-sidebar

100

An intuitive solution to make the default WordPress Gutenberg sidebar resizable.

2K No CVEs

Developer Profile

KCite Developer Profile

knowledgeblog

2 plugins · 10K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

3956 days

View full developer profile

Detection Fingerprints

How We Detect KCite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/kcite-citeproc/xmldom.js/wp-content/plugins/kcite-citeproc/citeproc.js/wp-content/plugins/kcite-citeproc/kcite_locale_style.js/wp-content/plugins/kcite-citeproc/kcite.js

Script Paths

/wp-content/plugins/kcite-citeproc/xmldom.js/wp-content/plugins/kcite-citeproc/citeproc.js/wp-content/plugins/kcite-citeproc/kcite_locale_style.js/wp-content/plugins/kcite-citeproc/kcite.js

HTML / DOM Fingerprints

CSS Classes

kcite-section

HTML Comments

<!-- kcite-section

Data Attributes

kcite-section-id

JS Globals

window.kcitewindow.kcite_locale_style

REST Endpoints

/wp-json/kcite-

Shortcode Output

<div class="kcite-section"

FAQ