Does Metaverse ID have any unpatched vulnerabilities?

No. All known vulnerabilities in Metaverse ID have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Metaverse ID compatible with WordPress 3.6.1?

According to WordPress.org data, Metaverse ID 1.2.8 has been tested up to WordPress 3.6.1. Check the plugin's changelog for the latest compatibility information.

How often is Metaverse ID updated?

Metaverse ID was last updated on Aug 19, 2013. Frequent updates are generally a positive security signal.

What is Metaverse ID's security score?

Metaverse ID has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Metaverse ID Security & Risk Analysis

wordpress.org/plugins/metaverse-id

Display your identity from around the metaverse!

10 active installs v1.2.8 PHP + WP 2.8+ Updated Aug 19, 2013

idmetaversemv-idwidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Metaverse ID Safe to Use in 2026?

Generally Safe

Score 85/100

Metaverse ID has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 12yr ago

Risk Assessment

The metaverse-id plugin, version 1.2.8, presents a mixed security posture. While it boasts a seemingly small attack surface with no registered AJAX handlers, REST API routes, shortcodes, or cron events, this could also indicate a lack of functionality or a deliberate effort to minimize exposure. However, the presence of 6 instances of the dangerous `unserialize` function is a significant concern, as it can lead to Remote Code Execution if data passed to it is not properly sanitized and comes from an untrusted source. The static analysis also flags 3 taint flows with unsanitized paths, although none are classified as critical or high severity, they still represent potential vulnerabilities.

Despite the absence of known CVEs and past vulnerabilities, the code itself raises red flags. The significant percentage of outputs that are not properly escaped (54%) increases the risk of Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the complete lack of nonce and capability checks across all entry points (even though there are none explicitly listed) is concerning. This means that any potential future entry points or existing hidden ones would be unprotected. The plugin also makes 4 external HTTP requests, which could be a vector for SSRF or other network-based attacks if the target URLs are not validated.

Key Concerns

Dangerous function unserialize used 6 times
3 taint flows with unsanitized paths
Only 54% of output properly escaped
0 nonce checks found
0 capability checks found
4 external HTTP requests made

Vulnerabilities

None known

Metaverse ID Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Metaverse ID Code Analysis

Dangerous Functions

Raw SQL Queries

32 prepared

Unescaped Output

52 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$vcard->cache = unserialize($vcard->cache);abstracts.php:282

unserialize$config = unserialize($config);metaverses\eve.php:81

unserializereturn unserialize($cache);mv-id.php:416

unserialize$cache[$k] = unserialize($v[0]);mv-id.php:439

unserializeself::$mv_ids[$user_ID][$k]->cache = unserialize($v->cache);mv-id.php:507

unserialize$row->cache = unserialize($row->cache);mv-id.php:534

SQL Query Safety

97% prepared33 total queries

Output Escaping

46% escaped114 total outputs

Data Flows

3 unsanitized

Data Flow Analysis

3 flows3 with unsanitized paths

user_ids (mv-id.php:805)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Metaverse ID Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 25

filtermv_id_linkifylinkify.php:229

actionmv_id_plugin__register_metaversesmetaverses\champions-online.php:168

actionmv_id_plugin__register_metaversesmetaverses\eq.php:163

actionmv_id_plugin__register_metaversesmetaverses\eq2.php:266

actionmv_id_plugin__register_metaversesmetaverses\eve.php:147

actionmv_id_plugin__register_metaversesmetaverses\free-realms.php:98

actionmv_id_plugin__register_metaversesmetaverses\lotro.php:176

actionmv_id_plugin__register_metaversesmetaverses\pq.php:150

actionmv_id_plugin__register_metaversesmetaverses\second-life.php:194

actionmv_id_plugin__register_metaversesmetaverses\second-life.php:195

filterpost_output_mv_id_vcardmetaverses\second-life.php:197

actionmv_id_plugin__register_metaversesmetaverses\star-trek-online.php:111

actionmv_id_plugin__register_metaversesmetaverses\wow.php:202

actionmv_id_plugin__register_metaversesmetaverses\wow.php:203

actionadmin_print_scriptsmv-id.php:296

filterplugin_action_linksmv-id.php:628

actionwidgets_initmv-id.php:1181

actionmv_id_plugin__regenerate_cachemv-id.php:1182

actionmv_id_plugin__output_vcardmv-id.php:1183

actionadmin_menumv-id.php:1184

actionplugins_loadedmv-id.php:1185

actionwidgets_initmv-id.php:1186

actiondelete_usermv-id.php:1187

actionprofile_updatemv-id.php:1188

actionadmin_headmv-id.php:1189

Maintenance & Trust

Metaverse ID Maintenance & Trust

Maintenance Signals

WordPress version tested3.6.1

Last updatedAug 19, 2013

PHP min version

Downloads6K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Metaverse ID Alternatives

Classic Widgets

classic-widgets

100

Enables the previous "classic" widgets settings screens in Appearance - Widgets and the Customizer. Disables the block editor from managing widgets.

2.0M No CVEs

ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor

elementskit-lite

Join millions who empower their websites with ElementsKit Elementor Addons. Get templates, & 100+ widgets like header-footer, mega menu, custom widget

2.0M 22 CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Ultimate Addons for Elementor

header-footer-elementor

Powerful Elementor addon with advanced Elementor widgets, templates, WooCommerce widgets & Header-Footer builder to build professional websites fa …

2.0M 12 CVEs

Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

instagram-feed

Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.

1.0M 4 CVEs

Developer Profile

Metaverse ID Developer Profile

signpostmarv

3 plugins · 120 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Metaverse ID

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

innerContentTitleFieldprofile_champprofile_level_numstatsBioText

Data Attributes

id="profile_champ"id="profile_level_num"id="charPic"

FAQ