Does Merry Christmas Everyone have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Merry Christmas Everyone compatible with WordPress 4.1.42?

According to WordPress.org data, Merry Christmas Everyone 1.0.7 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Merry Christmas Everyone updated?

Merry Christmas Everyone was last updated on Dec 23, 2014. Frequent updates are generally a positive security signal.

What is Merry Christmas Everyone's security score?

Merry Christmas Everyone has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Merry Christmas Everyone Security & Risk Analysis

wordpress.org/plugins/merry-christmas-everyone

Merry Christmas! Santa is flying here with gifts, happiness, candies and snow and much, much more. Come on in and check us out!

10 active installs v1.0.7 PHP + WP 2.8+ Updated Dec 23, 2014

animatecolored-snowflying-santamerry-christmassanta

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Merry Christmas Everyone Safe to Use in 2026?

Generally Safe

Score 85/100

Merry Christmas Everyone has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The "merry-christmas-everyone" v1.0.7 plugin exhibits a mixed security posture. On the positive side, the plugin demonstrates strong practices regarding SQL query handling, exclusively using prepared statements, and has no recorded historical vulnerabilities or CVEs, suggesting a diligent development approach or a lack of prior security scrutiny. The absence of file operations and external HTTP requests further reduces the potential attack surface. However, a significant concern arises from the complete lack of output escaping. With 15 outputs analyzed and 0% properly escaped, this indicates a high probability of Cross-Site Scripting (XSS) vulnerabilities. This weakness, coupled with the absence of nonce and capability checks on any potential entry points (though the static analysis reports zero entry points), creates a critical risk. Even if the attack surface is currently minimal, any future expansion without proper input validation and output sanitization could lead to severe security breaches.

Key Concerns

All output is unescaped
No nonce checks found
No capability checks found

Vulnerabilities

None known

Merry Christmas Everyone Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Merry Christmas Everyone Release Timeline

No version history available.

Code Analysis

Analyzed Mar 17, 2026

Merry Christmas Everyone Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped15 total outputs

Attack Surface

Merry Christmas Everyone Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 4

actionwp_enqueue_scriptsmerry-christmas-everyone.php:18

actionwp_footermerry-christmas-everyone.php:164

actionadmin_menumerry-christmas-everyone.php:167

actionadmin_initmerry-christmas-everyone.php:168

Maintenance & Trust

Merry Christmas Everyone Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedDec 23, 2014

PHP min version

Downloads19K

Community Trust

Rating74/100

Number of ratings7

Active installs10

Alternatives

Merry Christmas Everyone Alternatives

LoftLoader

loftloader

100

An easy to use plugin to add an animated preloader to your website with fully customisations.

70K No CVEs

Animate It!

animate-it

Add cool CSS3 animations to your content.

30K 4 CVEs

Countdown Timer Ultimate

countdown-timer-ultimate

100

A quick, easy way to add and display responsive Countdown timer on your website. Also work with Gutenberg shortcode block.

20K No CVEs

Typing Effect

animated-typing-effect

Create an animated typing effect that allows words to be 'typed out' on to a post or page.

10K 1 CVE

Animations for Blocks

animations-for-blocks

100

Allows to add animations to block editor blocks on scroll.

10K No CVEs

Developer Profile

Merry Christmas Everyone Developer Profile

Sandeep Verma

10 plugins · 1K total installs

trust score

Avg Security Score

80/100

Avg Patch Time

392 days

View full developer profile

Detection Fingerprints

How We Detect Merry Christmas Everyone

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/merry-christmas-everyone/js/tripleflap.js/wp-content/plugins/merry-christmas-everyone/js/xmas.js/wp-content/plugins/merry-christmas-everyone/images/santa.png

Script Paths

/wp-content/plugins/merry-christmas-everyone/js/tripleflap.js/wp-content/plugins/merry-christmas-everyone/js/xmas.js/wp-content/plugins/merry-christmas-everyone/js/snow.js

HTML / DOM Fingerprints

CSS Classes

santa1santa2

Data Attributes

name="xmas_url"name="xmas_media"name="xmas_mp3"name="xmas_ogg"name="santas"

JS Globals

jsFileVariables

Shortcode Output

<div id="santa" style="position:absolute;bottom:20px; right:5px;"><audio autoplay controls="controls" loop="loop" style="height: 0px; width:0px;"><source src="

FAQ