Does Master Query Loop have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Master Query Loop compatible with WordPress 6.2.9?

According to WordPress.org data, Master Query Loop 1.0.1 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

Is Master Query Loop compatible with PHP 7.0+?

Master Query Loop requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Master Query Loop updated?

Master Query Loop was last updated on Jun 12, 2023. Frequent updates are generally a positive security signal.

What is Master Query Loop's security score?

Master Query Loop has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Master Query Loop Security & Risk Analysis

wordpress.org/plugins/master-query-loop

The plugin helps you to add advanced features to the WordPress core query loop block: get specific posts, popular posts and more!

0 active installs v1.0.1 PHP 7.0+ WP 5.9+ Updated Jun 12, 2023

blockblock-editorpopular-postsquery-loopspecific-posts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Master Query Loop Safe to Use in 2026?

Generally Safe

Score 85/100

Master Query Loop has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The 'master-query-loop' plugin, version 1.0.1, exhibits a strong security posture based on the provided static analysis. The absence of dangerous functions, proper utilization of prepared statements for all SQL queries, and 100% output escaping indicate robust coding practices. Furthermore, the plugin has no recorded vulnerabilities, including critical or high severity ones, which suggests a history of secure development and maintenance. The limited attack surface and the presence of capability checks also contribute positively to its security. However, a notable observation is the absence of nonce checks and the zero analysis of taint flows. While no critical issues were found, the lack of explicit checks for nonce validation on potential entry points (even if none are currently identified) and the absence of taint analysis could leave the plugin susceptible to unforeseen vulnerabilities if the attack surface were to expand or if existing code paths were to become exploitable through future modifications. Overall, the plugin appears to be secure for its current version and known history, but a proactive approach to implementing nonce checks and ensuring comprehensive taint analysis would further enhance its resilience.

Vulnerabilities

None known

Master Query Loop Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Master Query Loop Release Timeline

v1.0.1Current

v1.0.0

Code Analysis

Analyzed Apr 16, 2026

Master Query Loop Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

14 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped14 total outputs

Attack Surface

Master Query Loop Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 8

actionadmin_initinc/mql-setting.php:45

actionadmin_menuinc/mql-setting.php:116

actionenqueue_block_editor_assetsmaster-query-loop.php:48

filterquery_loop_block_query_varsmaster-query-loop.php:79

filterpre_render_blockmaster-query-loop.php:83

actioninitmaster-query-loop.php:106

filterrest_post_querymaster-query-loop.php:109

actiontemplate_redirectmaster-query-loop.php:138

Maintenance & Trust

Master Query Loop Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedJun 12, 2023

PHP min version7.0

Downloads763

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Master Query Loop Alternatives

Query Loop Load More

query-loop-load-more

100

This WordPress plugin adds a load more option to the Query Loop Pagination block in Gutenberg, allowing users to load more posts without refreshing th …

500 No CVEs

Cherry Pick for Query Loop

cherry-pick-for-query-loop

100

Pick specific posts for Query Loop block and display them in your preferred order.

0 No CVEs

Random Posts for Query Loop Block

random-posts-for-query-loop-block

100

Adds "rand" to the REST API orderby options so the Query Loop block can use random post order safely without breaking the Site Editor preview.

0 No CVEs

Classic Editor

classic-editor

100

Enables the previous "classic" editor and the old-style Edit Post screen with TinyMCE, Meta Boxes, etc. Supports all plugins that extend this screen.

9.0M No CVEs

Starter Templates – AI-Powered Templates for Elementor & Gutenberg

astra-sites

The growing library of 300+ ready-to-use templates that work with all WordPress themes including Astra, Hello, OceanWP, GeneratePress and more

2.0M 7 CVEs

Developer Profile

Master Query Loop Developer Profile

dat09.vuquoc

2 plugins · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Master Query Loop

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/master-query-loop/build/index.js/wp-content/plugins/master-query-loop/build/index.css

Script Paths

/wp-content/plugins/master-query-loop/build/index.js

Version Parameters

master-query-loop/build/index.js?ver=master-query-loop/build/index.css?ver=

HTML / DOM Fingerprints

Data Attributes

mql_custom_data="custom"

REST Endpoints

/wp-json/master-query-loop/

FAQ