Does Massive Replacer have any unpatched vulnerabilities?

No. All known vulnerabilities in Massive Replacer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Massive Replacer compatible with WordPress 2.5.1?

According to WordPress.org data, Massive Replacer 2.0 has been tested up to WordPress 2.5.1. Check the plugin's changelog for the latest compatibility information.

How often is Massive Replacer updated?

Massive Replacer was last updated on Jun 26, 2008. Frequent updates are generally a positive security signal.

What is Massive Replacer's security score?

Massive Replacer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Massive Replacer Security & Risk Analysis

wordpress.org/plugins/massive-replacer

Massive Replacer lets you replace a string determined by a different.

10 active installs v2.0 PHP + WP 2.0+ Updated Jun 26, 2008

admincommentsformattingpostsidebar

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Massive Replacer Safe to Use in 2026?

Generally Safe

Score 85/100

Massive Replacer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 17yr ago

Risk Assessment

The "massive-replacer" v2.0 plugin exhibits a seemingly strong security posture from a static analysis perspective, with zero identified attack surface entry points and no critical code signals like dangerous functions or file operations. The absence of known vulnerabilities in its history is also a positive indicator. However, a significant concern arises from the fact that 50% of its SQL queries are not using prepared statements, which introduces a risk of SQL injection vulnerabilities, especially if the input used in these queries is not adequately sanitized. Furthermore, the plugin fails to implement any output escaping, meaning data displayed to users could potentially be vulnerable to cross-site scripting (XSS) attacks if the data originates from an untrusted source. The lack of nonce and capability checks across any identified entry points (though none were found) is a potential weakness that could be exploited if new entry points are introduced in future updates without proper security considerations.

Key Concerns

SQL queries not using prepared statements
No output escaping
No nonce checks
No capability checks

Vulnerabilities

None known

Massive Replacer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Massive Replacer Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

50% prepared2 total queries

Output Escaping

0% escaped5 total outputs

Attack Surface

Massive Replacer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 3

actionadmin_menumassive_replacer.php:27

filterthe_contentmassive_replacer.php:134

filterthe_titlemassive_replacer.php:135

Maintenance & Trust

Massive Replacer Maintenance & Trust

Maintenance Signals

WordPress version tested2.5.1

Last updatedJun 26, 2008

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Massive Replacer Alternatives

FF Tab Widget

ff-tab-widget

Display popular posts, recent posts, recent commets, and tags in an animated tabs in a single widget.

80 No CVEs

Admin Per Page Limits

admin-per-page-limits

Control the number of posts per page, pages per page, and comments per page that appear in the admin listings of posts, pages, and comments.

20 No CVEs

Bulk Page Maker Light

bulk-page-maker-light

100

Bulk Page Maker Light – Instantly create unlimited WordPress pages or posts in one click! Save hours and supercharge your site-building workflow.

10 No CVEs

Comments by Post Type

comments-by-post-type

Separate comments by post type in admin menu.

10 No CVEs

AH Sidebar Box

evolution-sidebar-box

This widget adds a tabbed sidebar box with recent posts, last comments, categories, popular posts, a tag cloud and the archives to the sidebar.

10 No CVEs

Developer Profile

Massive Replacer Developer Profile

sumolari

3 plugins · 100 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Massive Replacer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

wrapform-fieldform-requiredwidefat

Data Attributes

id="mr_op"name="mr_orig"id="mr_orig"name="mr_repl"id="mr_repl"name="action"+3 more

FAQ

Massive Replacer Security & Risk Analysis

Is Massive Replacer Safe to Use in 2026?

Generally Safe

Key Concerns

Massive Replacer Security Vulnerabilities

Massive Replacer Code Analysis

SQL Query Safety

Output Escaping

Massive Replacer Attack Surface

Massive Replacer Maintenance & Trust

Maintenance Signals

Community Trust

Massive Replacer Alternatives

FF Tab Widget

Admin Per Page Limits

Bulk Page Maker Light

Comments by Post Type

AH Sidebar Box

Massive Replacer Developer Profile

How We Detect Massive Replacer

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Massive Replacer