Does MQTT-Plug have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is MQTT-Plug compatible with WordPress 6.9.4?

According to WordPress.org data, MQTT-Plug 1.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is MQTT-Plug compatible with PHP 7.4+?

MQTT-Plug requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is MQTT-Plug updated?

MQTT-Plug was last updated on Feb 5, 2026. Frequent updates are generally a positive security signal.

What is MQTT-Plug's security score?

MQTT-Plug has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

MQTT-Plug Security & Risk Analysis

wordpress.org/plugins/mqtt-plug

Real-time MQTT dashboards inside WordPress. Connect securely over WebSocket (WS/WSS) and visualize live IoT data, logs, and events.

10 active installs v1.0 PHP 7.4+ WP 6.0+ Updated Feb 5, 2026

dashboardsiotmqttrealtimewebsocket

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is MQTT-Plug Safe to Use in 2026?

Generally Safe

Score 100/100

MQTT-Plug has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "mqtt-plug" plugin version 1.0 demonstrates a generally good security posture based on the provided static analysis. The absence of dangerous functions, file operations, and external HTTP requests is a positive sign. The plugin exclusively uses prepared statements for SQL queries, which is a best practice for preventing SQL injection vulnerabilities. Furthermore, the plugin has a strong output escaping rate (87%), indicating an effort to mitigate cross-site scripting (XSS) risks. The capability checks are also present, which is important for authorization.

Key Concerns

Missing nonce checks on entry points
13% of outputs are not properly escaped

Vulnerabilities

None known

MQTT-Plug Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

MQTT-Plug Release Timeline

v1.0Current

Code Analysis

Analyzed Mar 17, 2026

MQTT-Plug Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

163 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

87% escaped188 total outputs

Attack Surface

MQTT-Plug Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[mqtt_plug] mqtt-plug.php:33

WordPress Hooks 6

actionadmin_menumqtt-plug.php:28

actionadmin_initmqtt-plug.php:29

filterkses_allowed_protocolsmqtt-plug.php:31

actionwp_enqueue_scriptsmqtt-plug.php:32

actionrest_api_initmqtt-plug.php:35

actionwp_footermqtt-plug.php:481

Maintenance & Trust

MQTT-Plug Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 5, 2026

PHP min version7.4

Downloads196

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

MQTT-Plug Alternatives

LED-SITE-INDICATOR

led-site-indicator

LED-SITE-INDICATOR connects WordPress to the LED Website Indicator IOT device.

10 No CVEs

Mesh-Plug for Meshtastic

mesh-plug

100

Lightweight Meshtastic/MQTT viewer for WordPress via MQTT over WebSocket (WS/WSS).

0 No CVEs

WordSocket

wordsocket

100

WordSocket is the official WordPress plugin for WPSignal (wpsignal.io), a third-party WebSocket/SSE delivery service.

0 No CVEs

WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards

wp-data-access

Turn your data into WordPress apps with tables, forms, charts & maps — no code required, with optional hooks for developers. Supports 35+ languages.

10K 7 CVEs

Piotnet Forms

piotnetforms

Piotnet Forms - Highly Customizable WordPress Form Builder

2K 4 unpatched

Developer Profile

MQTT-Plug Developer Profile

POTAR

4 plugins · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect MQTT-Plug

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/mqtt-plug/mqtt-plug.css/wp-content/plugins/mqtt-plug/mqtt-plug.js

Script Paths

/wp-content/plugins/mqtt-plug/mqtt-plug.js

Version Parameters

mqtt-plug/mqtt-plug.css?ver=mqtt-plug/mqtt-plug.js?ver=

HTML / DOM Fingerprints

CSS Classes

mqtt-plug-live-viewermqtt-plug-observer-viewer

HTML Comments

MQTT-Plug Live ViewerMQTT-Plug Observer Viewer

Data Attributes

data-mqtt-plug-ws-urldata-mqtt-plug-usernamedata-mqtt-plug-passworddata-mqtt-plug-client-prefixdata-mqtt-plug-keepalivedata-mqtt-plug-reconnect-ms+10 more

JS Globals

MQTT_Plug_Config

REST Endpoints

/wp-json/mqtt-plug/v1/status/wp-json/mqtt-plug/v1/snapshot

Shortcode Output

[mqtt_plugmqtt_plug_live_viewermqtt_plug_observer_viewer

FAQ