Does MarketPowerWP have any unpatched vulnerabilities?

No. All known vulnerabilities in MarketPowerWP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is MarketPowerWP compatible with WordPress 5.5.18?

According to WordPress.org data, MarketPowerWP 2.2.9 has been tested up to WordPress 5.5.18. Check the plugin's changelog for the latest compatibility information.

How often is MarketPowerWP updated?

MarketPowerWP was last updated on Apr 5, 2023. Frequent updates are generally a positive security signal.

What is MarketPowerWP's security score?

MarketPowerWP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MarketPowerWP Security & Risk Analysis

wordpress.org/plugins/marketpowerwp

This is a plugin that communicates with the MarketPowerPRO web services API to be used in your Wordpress site.

10 active installs v2.2.9 PHP + WP 3.4+ Updated Apr 5, 2023

marketpowerpromultisoft

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MarketPowerWP Safe to Use in 2026?

Generally Safe

Score 85/100

MarketPowerWP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The security posture of marketpowerwp v2.2.9 appears to be relatively good based on the static analysis and vulnerability history provided. There are no known vulnerabilities (CVEs) associated with this version, and the code signals suggest a good effort in secure coding practices, with a high percentage of SQL queries using prepared statements and a reasonable number of file operations and external HTTP requests. The absence of critical or high severity taint flows is also a positive indicator.

However, there are areas of concern. The most significant weakness lies in the output escaping. With only 4% of outputs properly escaped, there is a high risk of Cross-Site Scripting (XSS) vulnerabilities. This means that user-supplied data, if not handled carefully, could be injected into the webpage and executed by other users' browsers. Additionally, the lack of capability checks on any entry points is a major oversight. This means that any user, regardless of their role or permissions, could potentially interact with the plugin's functionality, opening the door to unauthorized access or manipulation.

While the plugin has no recorded vulnerability history, this should not be interpreted as a guarantee of future security. The identified weaknesses, particularly the poor output escaping and lack of capability checks, create a fertile ground for potential vulnerabilities to emerge, especially if the plugin interacts with user-supplied data in complex ways. The strengths lie in the SQL query handling and the absence of critical taint flows, but these are overshadowed by the significant XSS and authorization risks.

Key Concerns

Low percentage of output escaping
No capability checks on entry points

Vulnerabilities

None known

MarketPowerWP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

MarketPowerWP Code Analysis

Dangerous Functions

Raw SQL Queries

14 prepared

Unescaped Output

2 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

88% prepared16 total queries

Output Escaping

4% escaped53 total outputs

Attack Surface

MarketPowerWP Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[mppe-add-distibutor-form] src\Multisoft\MPP\Distributor\Add\AddController.php:49

[mppe] src\Multisoft\MPP\Replication\ReplicationController.php:41

WordPress Hooks 20

actionrest_api_initsrc\LePlugin\Api\ApiController.php:17

actionadmin_menusrc\LePlugin\Core\AbstractController.php:82

actionadmin_enqueue_scriptssrc\LePlugin\Core\AbstractController.php:85

actionwp_enqueue_scriptssrc\LePlugin\Core\AbstractController.php:88

actioninitsrc\LePlugin\Core\AbstractController.php:109

actionle_cronsrc\LePlugin\Core\AbstractController.php:215

filterrest_url_prefixsrc\LePlugin\Core\CoreApiController.php:22

filterrest_pre_serve_requestsrc\LePlugin\Core\CoreApiController.php:23

filterrest_authentication_errorssrc\LePlugin\Core\CoreApiController.php:26

actionadmin_menusrc\Multisoft\MPP\Core\CoreController.php:37

actionadmin_footersrc\Multisoft\MPP\Core\CoreController.php:38

actioninitsrc\Multisoft\MPP\Replication\ReplicationController.php:39

actionadmin_noticessrc\Multisoft\MPP\Replication\ReplicationController.php:40

filteroption_homesrc\Multisoft\MPP\Replication\ReplicationController.php:43

filteroption_siteurlsrc\Multisoft\MPP\Replication\ReplicationController.php:46

filterwpseo_canonicalsrc\Multisoft\MPP\Replication\ReplicationController.php:49

filteraioseop_canonical_urlsrc\Multisoft\MPP\Replication\ReplicationController.php:52

actionwpcf7_before_send_mailsrc\Multisoft\MPP\Replication\ReplicationController.php:55

actionwp_enqueue_scriptssrc\Multisoft\MPP\Replication\ReplicationController.php:85

actiontemplate_redirectsrc\Multisoft\MPP\Replication\ReplicationController.php:347

Maintenance & Trust

MarketPowerWP Maintenance & Trust

Maintenance Signals

WordPress version tested5.5.18

Last updatedApr 5, 2023

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

MarketPowerWP Alternatives

No alternatives data available yet.

Developer Profile

MarketPowerWP Developer Profile

MultiSoft Corporation

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MarketPowerWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/marketpowerwp/js/src/marketpowerwp.js/wp-content/plugins/marketpowerwp/js/src/admin.js/wp-content/plugins/marketpowerwp/js/src/jquery.autocomplete.js/wp-content/plugins/marketpowerwp/css/src/marketpowerwp.css/wp-content/plugins/marketpowerwp/css/src/admin.css

Script Paths

/wp-content/plugins/marketpowerwp/js/src/marketpowerwp.js/wp-content/plugins/marketpowerwp/js/src/admin.js/wp-content/plugins/marketpowerwp/js/src/jquery.autocomplete.js

Version Parameters

marketpowerwp/js/src/marketpowerwp.js?ver=marketpowerwp/js/src/admin.js?ver=marketpowerwp/js/src/jquery.autocomplete.js?ver=marketpowerwp/css/src/marketpowerwp.css?ver=marketpowerwp/css/src/admin.css?ver=

HTML / DOM Fingerprints

CSS Classes

marketpowerwp-wrapmarketpowerwp-settingsmarketpowerwp-form-fieldmarketpowerwp-autocompletemarketpowerwp-admin-wrap

HTML Comments

Data Attributes

data-marketpowerwp-autocompletedata-marketpowerwp-field-iddata-marketpowerwp-setting-name

JS Globals

marketpowerwp_ajax_objectmarketpowerwp_admin_varsMarketPowerPRO

REST Endpoints

/wp-json/marketpowerwp/v1/settings/wp-json/marketpowerwp/v1/data

Shortcode Output

[marketpowerwp_form][marketpowerwp_data_display]

FAQ