Does Micropub have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Micropub compatible with WordPress 7.0?

According to WordPress.org data, Micropub 2.5.0 has been tested up to WordPress 7.0. Check the plugin's changelog for the latest compatibility information.

Is Micropub compatible with PHP 7.2+?

Micropub requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Micropub updated?

Micropub was last updated on Mar 28, 2026. Frequent updates are generally a positive security signal.

What is Micropub's security score?

Micropub has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Micropub Security & Risk Analysis

wordpress.org/plugins/micropub

Allows you to publish to your site using Micropub clients.

200 active installs v2.5.0 PHP 7.2+ WP 4.9.9+ Updated Mar 28, 2026

indiewebmicroformatsmicropubpublish

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Micropub Safe to Use in 2026?

Generally Safe

Score 100/100

Micropub has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The micropub plugin v2.4.0 demonstrates a generally strong security posture, with no identified vulnerabilities in its history and excellent practices in its static analysis. The code correctly utilizes prepared statements for all SQL queries and ensures all output is properly escaped, mitigating common risks like SQL injection and cross-site scripting. The absence of file operations and external HTTP requests further reduces the attack surface. The plugin also correctly implements capability checks for its operations, though the lack of explicit nonce checks on its few entry points is a minor concern. The presence of two `unserialize` calls, even without identified taint flows in this analysis, represents a potential risk if untrusted data were ever to be passed to them in future updates or different contexts. Overall, this version appears secure with very low immediate risk, but the `unserialize` calls warrant cautious monitoring.

Key Concerns

Use of unserialize without input sanitization
Missing nonce checks on entry points

Vulnerabilities

None known

Micropub Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Micropub Release Timeline

v2.5.0Current

v2.4.0

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.11

v2.0.10

v2.0.9

v2.0.8

v2.0.7

v2.0.6

v2.0.5

Code Analysis

Analyzed Mar 16, 2026

Micropub Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$cur = $meta[ $key ][0] ? unserialize( $meta[ $key ][0] ) : array();includes\class-micropub-endpoint.php:1040

unserialize$existing = unserialize( $meta[ $key ][0] );includes\class-micropub-endpoint.php:1054

Output Escaping

100% escaped15 total outputs

Attack Surface

Micropub Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 16

actionplugins_loadedincludes\class-micropub-endpoint.php:3

actionwp_headincludes\class-micropub-endpoint.php:29

actionsend_headersincludes\class-micropub-endpoint.php:30

filterhost_metaincludes\class-micropub-endpoint.php:31

filterwebfinger_user_dataincludes\class-micropub-endpoint.php:32

actionrest_api_initincludes\class-micropub-endpoint.php:35

filterrest_request_after_callbacksincludes\class-micropub-endpoint.php:37

actionplugins_loadedincludes\class-micropub-media.php:3

actionrest_api_initincludes\class-micropub-media.php:14

actionwp_headincludes\class-micropub-media.php:17

actionsend_headersincludes\class-micropub-media.php:18

filterhost_metaincludes\class-micropub-media.php:19

filterwebfinger_user_dataincludes\class-micropub-media.php:20

filterthe_contentincludes\class-micropub-render.php:8

actionadmin_noticesmicropub.php:66

actionadmin_noticesmicropub.php:78

Maintenance & Trust

Micropub Maintenance & Trust

Maintenance Signals

WordPress version tested7.0

Last updatedMar 28, 2026

PHP min version7.2

Downloads19K

Community Trust

Rating100/100

Number of ratings4

Active installs200

Alternatives

Micropub Alternatives

Microformats 2

wp-uf2

Enhances your WordPress theme with Microformats 2 classes.

200 No CVEs

MF2 Feeds

mf2-feed

100

Add Microformats2 Feeds for WordPress

30 No CVEs

Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories

post-expirator

PublishPress Future can make scheduled changes to your content. You can unpublish posts, move posts to a new status, update the categories, and more.

100K 7 CVEs

WebSub (FKA. PubSubHubbub)

pubsubhubbub

100

A WebSub plugin for WordPress that enables real-time publishing and subscription capabilities.

100K 1 CVE

PowerPress Podcasting plugin by Blubrry

powerpress

No. 1 Podcasting plugin for WordPress.

30K 21 CVEs

Developer Profile

Micropub Developer Profile

IndieWeb

5 plugins · 1K total installs

trust score

Avg Security Score

93/100

Avg Patch Time

4 days

View full developer profile

Detection Fingerprints

How We Detect Micropub

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints

/micropub/1.0/endpoint

FAQ