WP-Safety

MoeSec Security – Comprehensive Malware Scanner & Security Suite Security & Risk Analysis

wordpress.org/plugins/moesec

MoeSec Security is a comprehensive plugin for Malware Scanning, Monitoring, Integrity, Security Hardening and Protection.

30 active installs v2.1 PHP + WP 5.0+ Updated Dec 9, 2025
antivirusfirewallmalwarescannersecurity
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is MoeSec Security – Comprehensive Malware Scanner & Security Suite Safe to Use in 2026?

Generally Safe

Score 100/100

MoeSec Security – Comprehensive Malware Scanner & Security Suite has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "moesec" plugin v2.1 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by implementing nonce checks and capability checks on a significant portion of its entry points, and notably, all identified AJAX handlers appear to have authentication checks. The absence of any known CVEs or recorded vulnerability history further reinforces this positive outlook. However, there are areas that warrant attention. The presence of unsanitized paths in the taint analysis, although not classified as critical or high severity, indicates potential vectors for localized issues like directory traversal if combined with other weaknesses. Furthermore, while a majority of SQL queries utilize prepared statements, a substantial percentage (48%) do not, posing a risk of SQL injection vulnerabilities.

While the plugin has a clean vulnerability history, which is a significant strength, the internal code analysis reveals areas for improvement. The number of file operations (44) and external HTTP requests (5) are not inherently problematic but, in combination with any future security flaws, could become attack vectors. The plugin's strength lies in its apparent diligence with authentication and nonces. The primary concerns are the taint flows with unsanitized paths and the significant proportion of SQL queries that are not prepared. These are fundamental security weaknesses that, if exploited, could lead to data compromise or unauthorized access.

Key Concerns

  • SQL queries without prepared statements
  • Flows with unsanitized paths
Vulnerabilities
None known

MoeSec Security – Comprehensive Malware Scanner & Security Suite Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MoeSec Security – Comprehensive Malware Scanner & Security Suite Code Analysis

Dangerous Functions
0
Raw SQL Queries
10
11 prepared
Unescaped Output
103
254 escaped
Nonce Checks
43
Capability Checks
37
File Operations
44
External Requests
5
Bundled Libraries
0

SQL Query Safety

52% prepared21 total queries

Output Escaping

71% escaped357 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

25 flows8 with unsanitized paths
moesec_backups_tab (includes\backups.php:114)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MoeSec Security – Comprehensive Malware Scanner & Security Suite Attack Surface

Entry Points16
Unprotected0

AJAX Handlers 16

authwp_ajax_moesec_start_file_backupincludes\backups.php:30
authwp_ajax_moesec_start_db_backupincludes\backups.php:44
authwp_ajax_moesec_backup_progressincludes\backups.php:58
authwp_ajax_moesec_scan_progressincludes\file-db-scanner.php:7
authwp_ajax_moesec_ajax_scan_progressincludes\file-db-scanner.php:8
authwp_ajax_moesec_refresh_scan_resultsincludes\file-db-scanner.php:9
authwp_ajax_moesec_start_file_scanincludes\file-db-scanner.php:10
authwp_ajax_moesec_start_db_scanincludes\file-db-scanner.php:11
authwp_ajax_moesec_restore_quarantined_fileincludes\file-db-scanner.php:12
authwp_ajax_moesec_delete_quarantined_fileincludes\file-db-scanner.php:13
noprivwp_ajax_moesec_check_2fa_statusincludes\two-factor-auth.php:738
authwp_ajax_moesec_check_2fa_statusincludes\two-factor-auth.php:739
noprivwp_ajax_moesec_send_email_codeincludes\two-factor-auth.php:768
authwp_ajax_moesec_send_email_codeincludes\two-factor-auth.php:769
authwp_ajax_moesec_start_scanmoesec.php:156
authwp_ajax_moesec_scan_progressmoesec.php:171
WordPress Hooks 47
actionmoesec_background_file_backupincludes\backups.php:80
actionmoesec_background_db_backupincludes\backups.php:97
actionmoesec_auto_backupincludes\backups.php:779
filtercron_schedulesincludes\backups.php:787
actioninitincludes\bad-bot-blocking.php:50
actionlogin_enqueue_scriptsincludes\brute-force-protection.php:65
actionlogin_formincludes\brute-force-protection.php:66
filterauthenticateincludes\brute-force-protection.php:67
actionmoesec_run_file_scanincludes\file-db-scanner.php:599
actionmoesec_run_db_scanincludes\file-db-scanner.php:630
actioninitincludes\firewall.php:664
actionmoesec_daily_integrity_checkincludes\integrity-check.php:41
actionmoesec_weekly_integrity_checkincludes\integrity-check.php:42
actionmoesec_monthly_integrity_checkincludes\integrity-check.php:43
filterauthenticateincludes\login-protection.php:70
actionwp_login_failedincludes\login-protection.php:102
actionwp_loginincludes\login-protection.php:130
filtercron_schedulesincludes\scheduled-scans.php:52
actionmoesec_daily_scanincludes\scheduled-scans.php:55
actionmoesec_weekly_scanincludes\scheduled-scans.php:56
actionmoesec_monthly_scanincludes\scheduled-scans.php:57
actionmoesec_daily_signature_updateincludes\signature-update.php:12
actionadmin_initincludes\signature-update.php:80
filterwp_mail_content_typeincludes\two-factor-auth.php:304
filterwp_mail_fromincludes\two-factor-auth.php:308
filterwp_mail_from_nameincludes\two-factor-auth.php:312
actionshow_user_profileincludes\two-factor-auth.php:348
actionedit_user_profileincludes\two-factor-auth.php:349
actionpersonal_options_updateincludes\two-factor-auth.php:460
actionedit_user_profile_updateincludes\two-factor-auth.php:461
actionlogin_formincludes\two-factor-auth.php:492
filterauthenticateincludes\two-factor-auth.php:805
actionadmin_menuincludes\two-factor-auth.php:893
actionsend_headersincludes\two-factor-auth.php:1108
actionplugins_loadedincludes\wp-hardening.php:288
filterthe_generatorincludes\wp-hardening.php:292
filterxmlrpc_enabledincludes\wp-hardening.php:297
filterxmlrpc_methodsincludes\wp-hardening.php:298
filterrest_endpointsincludes\wp-hardening.php:312
actionadmin_initincludes\wp-hardening.php:585
actionadmin_menumoesec.php:50
actionadmin_enqueue_scriptsmoesec.php:83
actioninitmoesec.php:111
actionmoesec_perform_scanmoesec.php:205
filterwp_mail_content_typemoesec.php:226
actionwp_mail_failedmoesec.php:232
filtercron_schedulesmoesec.php:244

Scheduled Events 16

moesec_background_file_backup
moesec_background_db_backup
moesec_auto_backup
moesec_background_file_backup
moesec_background_db_backup
moesec_run_file_scan
moesec_run_db_scan
moesec_daily_integrity_check
moesec_weekly_integrity_check
moesec_monthly_integrity_check
moesec_daily_integrity_check
moesec_daily_scan
moesec_weekly_scan
moesec_monthly_scan
moesec_daily_signature_update
moesec_perform_scan
Maintenance & Trust

MoeSec Security – Comprehensive Malware Scanner & Security Suite Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 9, 2025
PHP min version
Downloads1K

Community Trust

Rating100/100
Number of ratings2
Active installs30
Alternatives

MoeSec Security – Comprehensive Malware Scanner & Security Suite Alternatives

Virusdie – One-click website security

Virusdie – One-click website security

virusdie

A
95

Malware scanning & removal, website hardening, patching vulnerabilities, real-time protection against online attacks, blacklist monitoring in a click!

2K 4 CVEs
Wordfence Security – Firewall, Malware Scan, and Login Security

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

A
96

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs
Security Optimizer – The All-In-One Protection Plugin

Security Optimizer – The All-In-One Protection Plugin

sg-security

A
86

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

1.0M 5 CVEs
MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

malcare-security

A
100

Get Bulletproof Security for your WordPress site. WordPress security plugin packed with comprehensive Firewall, malware scanner, cleaner & more.

200K No CVEs
Anti-Malware Security and Brute-Force Firewall

Anti-Malware Security and Brute-Force Firewall

gotmls

B
83

This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.

100K 9 CVEs
Developer Profile

MoeSec Security – Comprehensive Malware Scanner & Security Suite Developer Profile

MoeSec

1 plugin · 30 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect MoeSec Security – Comprehensive Malware Scanner & Security Suite

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/moesec/assets/css/moesec-style.css/wp-content/plugins/moesec/assets/js/moesec-script.js/wp-content/plugins/moesec/assets/js/moesec-scan.js
Script Paths
/wp-content/plugins/moesec/assets/js/moesec-script.js/wp-content/plugins/moesec/assets/js/moesec-scan.js
Version Parameters
moesec-style?ver=moesec-script?ver=moesec-scan?ver=

HTML / DOM Fingerprints

JS Globals
moesec_ajax
FAQ

Frequently Asked Questions about MoeSec Security – Comprehensive Malware Scanner & Security Suite