KickPress Security & Risk Analysis

wordpress.org/plugins/kickpress

KickPress gives your WordPress website a full featured API, including remote access authentication for 3rd party websites and mobile apps.

Active installs: 10
Version: v0.3.5
Requires: PHP + WP 3.2+
Updated: Feb 20, 2016
Tags: api, custom-fields, custom-form-elements, custom-post-types, custom-taxonomies

Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is KickPress Safe to Use in 2026?

Generally Safe

Score 85/100

KickPress has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago
Risk Assessment

The "kickpress" plugin v0.3.5 presents a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices concerning SQL queries, utilizing prepared statements exclusively. It also shows a reasonable number of nonce and capability checks, indicating an awareness of WordPress security mechanisms. The absence of any recorded vulnerabilities or CVEs in its history is a significant strength, suggesting a generally well-maintained codebase or a lack of discoverable exploitable flaws to date.

However, several areas raise concern. The presence of 3 unprotected AJAX handlers creates a direct attack surface, potentially allowing unauthenticated users to trigger sensitive actions. The taint analysis reveals a significant number of flows with unsanitized paths (19 out of 34 analyzed), with 9 identified as high severity. This, combined with the use of dangerous functions like 'unserialize' and 'ini_set', points to a substantial risk of code injection, cross-site scripting (XSS), or privilege escalation if these unsanitized inputs are not handled with extreme care. Furthermore, only 35% of output is properly escaped, indicating a high risk of XSS vulnerabilities across the plugin.

While the plugin has no known CVEs, the critical findings in the static and taint analysis suggest a high potential for undiscovered vulnerabilities. The lack of history could be due to its obscurity or limited security auditing. The high number of unsanitized flows and low output escaping rate are the most pressing issues, overshadowing the good practices in other areas. Users should exercise caution.

Key Concerns

  • Unprotected AJAX handlers
  • High severity taint flows found
  • Use of dangerous functions (unserialize, ini_set)
  • Low output escaping percentage
  • Unsanitized flows found
Vulnerabilities
None known

KickPress Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

KickPress Release Timeline

v0.3.5 (current)
v0.3.4
v0.3.3
v0.3.2
v0.3.1
v0.3
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2
v0.1.12
Code Analysis
Analyzed Apr 16, 2026

KickPress Code Analysis

Dangerous functions: 6
Raw SQL queries: 0 (75 prepared)
Unescaped output: 310 (164 escaped)
Nonce checks: 17
Capability checks: 23
File operations: 8
External requests: 7
Bundled libraries: 0

Dangerous Functions Found

ini_set (kickpress-media-functions-deprecated.php:26): @ini_set('memory_limit', '256M');
unserialize (kickpress-workflows.php:53): $post_term->params = unserialize( $post_term->description );
unserialize (kickpress-workflows.php:184): $term->params = unserialize( $term->description );
unserialize (kickpress-workflows.php:228): $term_row->params = unserialize( $term_row->description );
unserialize (kickpress-workflows.php:252): $post_term->params = unserialize( $post_term->description );
unserialize (kickpress-workflows.php:737): $term->params = unserialize( $term->description );

SQL Query Safety

100% prepared (75 total queries)

Output Escaping

35% escaped (474 total outputs)
Data Flows · Security
19 unsanitized

Data Flow Analysis

25 flows, 19 with unsanitized paths

export_data (kickpress-api.php:2701)
Attack Surface
3 unprotected

KickPress Attack Surface

Entry points: 11
Unprotected: 3

AJAX handlers: 6

wp_ajax_search_posts (auth)   handlers/class-series.php:78
wp_ajax_save_caps (auth)      kickpress-capabilities.php:6
wp_ajax_add_role (auth)       kickpress-capabilities.php:7
wp_ajax_remove_role (auth)    kickpress-capabilities.php:8
wp_ajax_search_posts (auth)   kickpress-reading-plans.php:10
wp_ajax_post_search (auth)    kickpress-relationships.php:7

Shortcodes: 5

[kickpress] kickpress.php:115
[kickpress-notes] kickpress.php:116
[kickpress-bookmarks] kickpress.php:117
[kickpress-tasks] kickpress.php:118
[kickpress-series] kickpress.php:119
WordPress hooks: 62

action   pre_get_posts                    handlers/class-events.php:3
action   wp_enqueue_scripts               handlers/class-locations.php:7
action   registered_post_type             handlers/class-series.php:74
action   registered_taxonomy              handlers/class-series.php:75
action   admin_enqueue_scripts            handlers/class-series.php:77
filter   posts_fields                     handlers/class-series.php:478
filter   posts_orderby                    handlers/class-series.php:479
filter   posts_search                     handlers/class-series.php:1110
filter   wpmu_signup_user_notification    kickpress-api.php:1962
filter   wpmu_welcome_user_notification   kickpress-api.php:1993
action   admin_menu                       kickpress-application.php:3
filter   comments_clauses                 kickpress-bookmarks.php:3
action   admin_menu                       kickpress-capabilities.php:3
action   personal_options                 kickpress-capabilities.php:4
action   profile_update                   kickpress-capabilities.php:5
action   wp_footer                        kickpress-functions.php:589
action   kickpress_pagination             kickpress-pagination.php:8
action   wp_footer                        kickpress-pagination.php:253
filter   posts_request                    kickpress-query-filters.php:6
filter   posts_fields                     kickpress-reading-plans.php:3
filter   posts_orderby                    kickpress-reading-plans.php:4
action   init                             kickpress-reading-plans.php:6
action   admin_menu                       kickpress-reading-plans.php:8
filter   posts_fields                     kickpress-reading-plans.php:165
filter   posts_orderby                    kickpress-reading-plans.php:166
filter   posts_search                     kickpress-reading-plans.php:191
filter   redirect_canonical               kickpress-redirects.php:7
action   wp                               kickpress-redirects.php:357
action   save_post                        kickpress-relationships.php:3
action   add_meta_boxes                   kickpress-relationships.php:4
action   admin_menu                       kickpress-relationships.php:5
action   init                             kickpress-relationships.php:9
action   admin_enqueue_scripts            kickpress-workflows.php:3
action   admin_menu                       kickpress-workflows.php:4
action   add_meta_boxes                   kickpress-workflows.php:5
action   save_post                        kickpress-workflows.php:6
filter   pre_get_posts                    kickpress.php:67
filter   pre_get_posts                    kickpress.php:68
filter   posts_fields                     kickpress.php:69
filter   posts_join                       kickpress.php:70
filter   posts_where                      kickpress.php:71
filter   posts_search                     kickpress.php:72
filter   posts_groupby                    kickpress.php:73
filter   posts_orderby                    kickpress.php:74
filter   post_limits                      kickpress.php:75
action   init                             kickpress.php:77
action   init                             kickpress.php:78
action   init                             kickpress.php:79
action   parse_request                    kickpress.php:80
action   widgets_init                     kickpress.php:82
action   plugins_loaded                   kickpress.php:84
action   save_post                        kickpress.php:129
action   admin_menu                       kickpress.php:132
action   admin_head                       kickpress.php:135
action   admin_menu                       kickpress.php:136
action   admin_print_scripts              kickpress.php:137
action   admin_menu                       kickpress.php:139
action   init                             kickpress.php:141
action   wp_enqueue_scripts               kickpress.php:144
filter   the_posts                        kickpress.php:147
action   wp_footer                        widgets/class-pagination.php:287
action   wp_footer                        widgets/class-pagination.php:309
Maintenance & Trust

KickPress Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Feb 20, 2016
PHP min version: (none listed)
Downloads: 5K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

KickPress Developer Profile

David Tufts

1 plugin · 10 total installs

Trust score: 84
Avg security score: 85/100
Avg patch time: 30 days
Detection Fingerprints

How We Detect KickPress

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/kickpress/kickpress.css
  • /wp-content/plugins/kickpress/kickpress.js
  • /wp-content/plugins/kickpress/kickpress-admin.js
Script Paths
  • /wp-content/plugins/kickpress/kickpress.js
  • /wp-content/plugins/kickpress/kickpress-admin.js
Version Parameters
  • kickpress/kickpress.css?ver=
  • kickpress/kickpress.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • kickpress
  • kickpress-bookmarks
  • kickpress-tasks
  • kickpress-notes
  • kickpress-series
HTML Comments
  • <!-- KickPress Custom Post Types -->
  • <!-- KickPress Shortcodes -->
  • <!-- KickPress Admin Scripts -->
  • <!-- KickPress Options Page -->
Data Attributes
  • data-kickpress-id
  • data-kickpress-type
  • data-kickpress-slug
JS Globals
  • window.kickpress
  • var kickpress_options
  • var kickpress_vars
Shortcode Output
  • [kickpress]
  • [kickpress-notes]
  • [kickpress-bookmarks]
  • [kickpress-tasks]
FAQ

Frequently Asked Questions about KickPress