Lexicographer Security & Risk Analysis
wordpress.org/plugins/lexicographerLexicographer creates an alphabetical index of your blog, using keywords you choose. The index can be included in any page, post or text widget.
Is Lexicographer Safe to Use in 2026?
Generally Safe
Score 85/100Lexicographer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "lexicographer" v0.9.4 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous functions, no file operations, no external HTTP requests, and all identified output is properly escaped. The vulnerability history is also clean, with no recorded CVEs, which is a strong indicator of good security practices by the developers. Furthermore, the attack surface is minimal, with only one shortcode and no AJAX handlers or REST API routes, and importantly, no unprotected entry points were identified.
However, a significant concern arises from the SQL query handling. All 10 SQL queries are executed without using prepared statements. This represents a substantial risk, as it makes the plugin vulnerable to SQL injection attacks if any user-controlled data is incorporated into these queries, despite the absence of taint analysis findings in this specific scan. The lack of nonce and capability checks, while not directly linked to identified vulnerabilities in this scan, could also be a point of concern in a broader security context, particularly if the shortcode or any other functions were to evolve to handle user input or sensitive operations.
In conclusion, while the plugin benefits from a small attack surface, no dangerous code signals, and a clean vulnerability history, the universal use of raw SQL queries is a critical weakness that significantly elevates its risk profile. Addressing this by implementing prepared statements for all SQL queries should be the top priority for improving the plugin's security.
Key Concerns
- Raw SQL queries without prepared statements
Lexicographer Security Vulnerabilities
Lexicographer Code Analysis
SQL Query Safety
Lexicographer Attack Surface
Shortcodes 1
WordPress Hooks 4
Maintenance & Trust
Lexicographer Maintenance & Trust
Maintenance Signals
Community Trust
Lexicographer Alternatives
Name Directory
name-directory
Name directory (glossary) with many options like multiple directories, integrated search, non-latin characters, recaptcha, HTML editor and many more.
3task Glossary – Dictionary, Wiki & Knowledge Base
3task-glossary
Create glossaries, dictionaries & knowledge bases using WordPress pages. A-Z navigation, auto-linking, dark mode. No database, just pages.
Easy Glossary
easy-glossary
A lightweight, flexible glossary plugin that auto-links terms, shows tooltips, and provides an index shortcode.
CM Tooltip Glossary
enhanced-tooltipglossary
Transform jargon into engaging content that boosts SEO, drives engagement, improves conversions, with automatic links and tooltips.
Heroic Glossary – Block for building Glossaries, Dictionaries and more
heroic-glossary
The best WordPress glossary builder plugin to create and manage your own glossary of terms.
Lexicographer Developer Profile
3 plugins · 4K total installs
How We Detect Lexicographer
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/lexicographer/css/lexicographer.css/wp-content/plugins/lexicographer/js/lexicographer.js/wp-content/plugins/lexicographer/js/lexicographer.jslexicographer/css/lexicographer.css?ver=lexicographer/js/lexicographer.js?ver=HTML / DOM Fingerprints
lexicographer-index<!-- Lexicographer index generated by Kilian Evang -->[lexicographer_index