Does mklasen's FAQ have any unpatched vulnerabilities?

No. All known vulnerabilities in mklasen's FAQ have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is mklasen's FAQ compatible with WordPress 4.1.42?

According to WordPress.org data, mklasen's FAQ 1.1 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is mklasen's FAQ updated?

mklasen's FAQ was last updated on Jan 10, 2018. Frequent updates are generally a positive security signal.

What is mklasen's FAQ's security score?

mklasen's FAQ has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

mklasen's FAQ Security & Risk Analysis

wordpress.org/plugins/mklasens-faq

Add easy Frequently Asked Questions to your WordPress website. Answers are shown (slide-down) after a visitor clicks on a question.

10 active installs v1.1 PHP + WP 3.5+ Updated Jan 10, 2018

askedfaqfrequentlyquestionsveelgestelde

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is mklasen's FAQ Safe to Use in 2026?

Generally Safe

Score 85/100

mklasen's FAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "mklasens-faq" plugin v1.1 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices by utilizing prepared statements for all its SQL queries and lacks any known historical vulnerabilities. Furthermore, the plugin has a very small attack surface, with only one shortcode as an entry point and no AJAX handlers, REST API routes, or cron events to scrutinize. There are also no file operations or external HTTP requests, which generally reduces risk.

However, a significant concern arises from the complete lack of output escaping. With 4 identified output points and 0% properly escaped, this leaves the plugin vulnerable to Cross-Site Scripting (XSS) attacks. Any data rendered to the frontend, especially if it originates from user input or external sources that could be manipulated, would be susceptible. The absence of nonce checks and capability checks, while not directly exploitable in this version due to the limited attack surface, represents a missed opportunity for robust security and could become a liability if the plugin's functionality expands or integration with other systems occurs.

In conclusion, while the plugin's SQL practices and vulnerability history are excellent, the critical flaw of unescaped output presents a tangible risk. The absence of authorization checks, though not currently problematic, is a weakness that should be addressed as a preventative measure. The plugin is otherwise well-coded in terms of its direct database interactions and lack of exploitable historical issues.

Key Concerns

No output escaping
Missing nonce checks
Missing capability checks

Vulnerabilities

None known

mklasen's FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

mklasen's FAQ Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped4 total outputs

Attack Surface

mklasen's FAQ Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[faq] mklasens-faq.php:165

WordPress Hooks 7

actioninitmklasens-faq.php:92

actionwp_enqueue_scriptsmklasens-faq.php:109

actionadd_meta_boxesmklasens-faq.php:193

actionadmin_enqueue_scriptsmklasens-faq.php:234

actionmedia_buttonsmklasens-faq.php:279

filtermanage_edit-faq_columnsmklasens-faq.php:288

actionmanage_faq_posts_custom_columnmklasens-faq.php:290

Maintenance & Trust

mklasen's FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedJan 10, 2018

PHP min version

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

mklasen's FAQ Alternatives

Accordion FAQ – Compatible With All Page Builder (Elementor, Gutenberg)

responsive-accordion-and-collapse

100

Accordion And Collapse is the most easiest drag & drop accordion builder for WordPress. You can add multiple accordion and collapse with this.

40K No CVEs

WP responsive FAQ with category plugin

sp-faq

100

A quick, easy way to add an responsive FAQs page. You can use this plugin as a jQuery UI accordion. Also work with Gutenberg shortcode block.

4K No CVEs

SFN Easy FAQ Manager

wordpress-faq-manager

100

Uses custom post types and taxonomies to manage an FAQ section for your site.

2K No CVEs

Master Accordion ( Former WP Awesome FAQ Plugin )

wp-awesome-faq

Best WordPress Accordion Plugin for WordPress. Master Accordion re-branded with lots new features and customization options

800 No CVEs

FAQ Concertina

faq-concertina

Display FAQs in an expandable concertina or accordion section. FAQs can be ordered and categorised, and their appearance can be customised.

700 No CVEs

Developer Profile

mklasen's FAQ Developer Profile

Marinus Klasen

5 plugins · 100 total installs

trust score

Avg Security Score

86/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect mklasen's FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mklasens-faq/css/index.css/wp-content/plugins/mklasens-faq/js/index.js

Script Paths

/wp-content/plugins/mklasens-faq/js/index.js

Version Parameters

mklasens-faq/css/index.css?ver=mklasens-faq/js/index.js?ver=

HTML / DOM Fingerprints

CSS Classes

mklasens-faqparent-postsquestioniconanswerchild-postsmklasens_select_faq

Data Attributes

data-id

Shortcode Output

<div class="mklasens-faq"><div class="parent-posts" data-id="<div data-id=" class="question"><div class="icon"></div>

FAQ