Does Meta Extension have any unpatched vulnerabilities?

No. All known vulnerabilities in Meta Extension have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Meta Extension compatible with WordPress 3.0.5?

According to WordPress.org data, Meta Extension 1.0.3 has been tested up to WordPress 3.0.5. Check the plugin's changelog for the latest compatibility information.

How often is Meta Extension updated?

Meta Extension was last updated on Jul 11, 2010. Frequent updates are generally a positive security signal.

What is Meta Extension's security score?

Meta Extension has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Meta Extension Security & Risk Analysis

wordpress.org/plugins/meta-extensions

Allows adding custom form fields to posts, storing them in custom meta fields. Integrates NGG, WT, and WP-DM.

10 active installs v1.0.3 PHP + WP 2.0.2+ Updated Jul 11, 2010

custom-fieldsfieldsmetameta-fieldsposts

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Meta Extension Safe to Use in 2026?

Generally Safe

Score 85/100

Meta Extension has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 15yr ago

Risk Assessment

The "meta-extensions" v1.0.3 plugin demonstrates a generally strong security posture based on the provided static analysis. The plugin has no identified CVEs in its history, suggesting a commitment to security or a lack of past vulnerabilities. The attack surface is completely zero, with no AJAX handlers, REST API routes, shortcodes, or cron events, which significantly reduces the potential for external exploitation. Furthermore, the absence of dangerous functions, file operations, and external HTTP requests are all positive indicators.

However, there are notable concerns regarding its handling of SQL queries. All six SQL queries are executed without prepared statements, a significant risk that could lead to SQL injection vulnerabilities if any user-supplied data is incorporated into these queries. While the taint analysis shows no unsanitized paths, this might be due to the limited flows analyzed or the absence of user input reaching those specific SQL queries. The output escaping is also only 43% properly escaped, which could lead to cross-site scripting (XSS) vulnerabilities if dynamic content is not adequately sanitized before display.

In conclusion, while the plugin's minimal attack surface and clean vulnerability history are strengths, the reliance on raw SQL queries and insufficient output escaping present critical areas of concern that require immediate attention to prevent potential security breaches.

Key Concerns

SQL queries not using prepared statements
Low percentage of properly escaped output

Vulnerabilities

None known

Meta Extension Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Meta Extension Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

3 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared6 total queries

Output Escaping

43% escaped7 total outputs

Data Flows

All sanitized

Data Flow Analysis

1 flows

<metaext.class> (metaext.class.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Meta Extension Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 6

actionadmin_headmetaext.php:49

actionsimple_edit_formmetaext.php:51

actionedit_form_advancedmetaext.php:52

actionedit_postmetaext.php:53

actionsave_postmetaext.php:54

actionpublish_postmetaext.php:55

Maintenance & Trust

Meta Extension Maintenance & Trust

Maintenance Signals

WordPress version tested3.0.5

Last updatedJul 11, 2010

PHP min version

Downloads3K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Meta Extension Alternatives

JSM Show Post Metadata

jsm-show-post-meta

Show post metadata (aka custom fields) in a metabox when editing posts / pages - a great tool for debugging issues with post metadata.

10K 1 CVE

Add Custom Fields to Media

add-custom-fields-to-media

Add custom fields to media uploader and access them in template files. Great for copyrights, image meta etc.

80 1 CVE

WP Meta Sort Posts

wp-meta-sort-posts

This WordPress plugin allows blog admins to create pages with custom sorted lists of posts using simple queries specified in a shortcode.

20 No CVEs

Custom Field Builder – WordPress custom fields plugin

custom-field-builder

Custom Field Builder is a powerful and lightweight developer plugin to create custom meta boxes and custom fields for WordPress.

10 No CVEs

Display Custom Fields

display-custom-fields

This plugin allows you to display the value of a custom field on a page or post. Permitted values are raw text, html, javascript, javascript file url, …

10 No CVEs

Developer Profile

Meta Extension Developer Profile

sroyalty

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Meta Extension

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/meta-extensions/admin.css

HTML / DOM Fingerprints

CSS Classes

metaext-span

FAQ