MultiReplace Security & Risk Analysis

wordpress.org/plugins/multireplace

With this plugin you can replace every string in wp_posts, post-meta and wp_options.

10 active installs · v1.0.2 · Requires WP 3.0.1+ (PHP minimum not stated) · Updated Nov 14, 2018

Tags: post, post_meta, replace, string, url

Score: 85 (A · Safe) · CVEs total: 0 · Unpatched: 0 · Last CVE: never
Safety Verdict

Is MultiReplace Safe to Use in 2026?

Generally Safe (score 85/100)

MultiReplace has no known CVEs. It is not, however, actively maintained: the last release was v1.0.2 on Nov 14, 2018, roughly seven years before this analysis, and it has about ten active installs, so "no known CVEs" reflects the absence of disclosures and audits rather than evidence of a clean code base. Read the verdict as "nothing has been reported", and weigh it against the static-analysis findings in the Risk Assessment below before deploying the plugin.

No known CVEs · Last updated 7 years ago (Nov 14, 2018)
Risk Assessment

The multireplace plugin v1.0.2 has no recorded CVEs, but the static analysis gives little comfort. Both of its SQL queries (2 of 2) are built without prepared statements, and all three of its output operations (3 of 3) reach the page without escaping. Since the plugin's whole purpose is to take user-supplied search and replace strings and write them into wp_posts, post meta and wp_options, these are not theoretical findings: unprepared SQL on that path is a SQL injection risk and unescaped reflection of the submitted strings is a cross-site scripting risk. The absence of CVEs for a plugin with about ten installs and no updates since 2018 most likely means nobody has looked, not that nothing is there.

The reported attack surface is zero entry points, and the only registered hook is admin_menu (class\MultiReplace.php:10). That is genuinely positive as far as it goes: nothing appears reachable anonymously or through AJAX or REST endpoints, so exploitation requires an authenticated session and the administrative page itself. It does not make the findings moot. The analysis found no nonce check and no capability check in the plugin's own code. Without a nonce, the form that posts to ?page=multireplace can be forged from a third-party page, so an attacker who gets a logged-in administrator to load a crafted page can trigger a site-wide replacement against wp_posts and wp_options without the administrator intending it (CSRF). Without a capability check in the handler, the only gate is whatever WordPress enforces for the menu entry, and the analysis could not confirm that one exists. A static scan can also miss entry points; "zero" should be read as "none found", not "none present".

In conclusion, the lack of historical vulnerabilities is a weak positive, and the static analysis paints a worrying picture. Unescaped output and unprepared SQL on a code path whose input is, by design, arbitrary user-supplied strings are critical weaknesses that expose sites using the plugin to severe risk. A manual security review of the two queries and three outputs is recommended before the plugin is used on any site that matters, and the plugin should be deactivated when it is not in active use, since it has no function outside a one-off replacement job.

Key Concerns

  • SQL queries not using prepared statements (2 of 2 raw)
  • Output escaping not implemented (3 of 3 outputs unescaped)
  • No nonce checks (form submissions can be forged cross-site)
  • No capability checks in the plugin's own handler
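The following is an added illustration for this page, not code from the MultiReplace plugin or from rtowebsites. It models a hypothetical admin handler that exhibits all four findings above (raw SQL, unescaped output, no nonce check, no capability check), beside a hardened version of the same operation that uses only stock WordPress APIs. The field name multireplace-search and the page slug multireplace are taken from the fingerprint on this page; the second field multireplace-replace, the nonce action and field names, and the function names are assumptions.

```php
<?php
/**
 * Added illustration, not code from the MultiReplace plugin. It shows a
 * hypothetical search/replace handler with the four weaknesses reported
 * above, then the hardened form. Assumed names: the POST field
 * "multireplace-replace", the nonce action "multireplace_run" and field
 * "multireplace_nonce", and both function names. "multireplace-search"
 * and the "multireplace" page slug come from the page's fingerprint.
 */

/* ---- Vulnerable pattern: reproduces the page's findings ---- */
function mr_insecure_replace() {
    global $wpdb;

    // No current_user_can() and no nonce: any POST that reaches this handler
    // is honoured, including one forged by a page an administrator was lured
    // to (CSRF). stripslashes() removes the slashes WordPress adds to $_POST,
    // a common habit in plugins that want the literal string; it also means
    // a quote in the input reaches MySQL unescaped.
    $search  = stripslashes( $_POST['multireplace-search'] );
    $replace = stripslashes( $_POST['multireplace-replace'] );

    // Raw SQL with the values concatenated in. A replace value of
    //   '), post_status = 'publish' --
    // (with a trailing space) turns the statement into
    //   UPDATE wp_posts SET post_content = REPLACE(post_content, 'x', ''),
    //          post_status = 'publish' -- ')
    // which publishes every draft and private post on the site.
    $wpdb->query(
        "UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, '$search', '$replace')"
    );

    // Unescaped output: the submitted strings are reflected as raw HTML.
    echo "<p>Replaced '$search' with '$replace'.</p>";
}

/* ---- Hardened form: the same operation with the missing checks added ---- */
function mr_secure_replace() {
    global $wpdb;

    // 1. Capability check. A site-wide rewrite of post content is an
    //    administrator operation; stop here for everyone else.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to run a site-wide replace.' );
    }

    // 2. Nonce check. The form must embed
    //    wp_nonce_field( 'multireplace_run', 'multireplace_nonce' );
    //    check_admin_referer() calls wp_die() on a missing, wrong or expired
    //    nonce, so a cross-site forged POST never reaches the query.
    check_admin_referer( 'multireplace_run', 'multireplace_nonce' );

    // 3. Input handling. wp_unslash() undoes WordPress's slashing. The values
    //    stay arbitrary strings because that is what a replace tool needs,
    //    so safety must come from how they are used, not from filtering them.
    //    Refuse an empty needle: REPLACE(x, '', y) is a no-op on every row.
    $search  = (string) wp_unslash( $_POST['multireplace-search']  ?? '' );
    $replace = (string) wp_unslash( $_POST['multireplace-replace'] ?? '' );
    if ( '' === $search ) {
        wp_die( 'The search string must not be empty.' );
    }

    // 4. Prepared statement. $wpdb->prepare() escapes and quotes each %s, so
    //    the payload above becomes an ordinary literal inside REPLACE().
    $rows = $wpdb->query( $wpdb->prepare(
        "UPDATE {$wpdb->posts} SET post_content = REPLACE(post_content, %s, %s)",
        $search,
        $replace
    ) );

    // 5. Escaped output. esc_html() encodes <, >, &, ' and " before the
    //    values go back into the page, closing the reflected-XSS path.
    printf(
        '<p>Replaced %1$s with %2$s in %3$d row(s).</p>',
        esc_html( $search ),
        esc_html( $replace ),
        (int) $rows
    );
}
```

Two points worth noting when reviewing real code against this pattern. First, WordPress slashes $_POST, so a handler that concatenates $_POST values directly is partly shielded by accident; the shield disappears the moment the code calls stripslashes() or wp_unslash() before building the query, which a replace tool almost always does because it needs the literal string. Second, a capability argument passed to add_menu_page() protects the page render, not a handler hooked elsewhere, so the explicit current_user_can() check belongs in the handler itself.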
Vulnerabilities

MultiReplace Security Vulnerabilities

None known. No vulnerabilities have been publicly disclosed for this plugin. Given its small install base and the absence of updates since 2018, read this as "none disclosed" rather than "none present"; the static-analysis findings above are the better indicator of its current state.
Code Analysis (analyzed Mar 17, 2026)

MultiReplace Code Analysis

  • Dangerous functions: 0
  • Raw SQL queries: 2 (0 prepared)
  • Unescaped output: 3 (0 escaped)
  • Nonce checks: 0
  • Capability checks: 0
  • File operations: 0
  • External requests: 0
  • Bundled libraries: 0

SQL Query Safety: 0% prepared (2 total queries)

Output Escaping: 0% escaped (3 total outputs)
Data Flows

Data Flow Analysis

2 flows, 2 with unsanitized paths. Both originate in multiReplacelAdminPage (class\MultiReplace.php:17): user input reaches a dangerous operation (a query or an output call) without passing through a sanitizer or escaping function.
Attack Surface

MultiReplace Attack Surface

Entry points: 0 (unprotected: 0)
WordPress hooks: 1
  • action admin_menu (class\MultiReplace.php:10)
Maintenance & Trust

MultiReplace Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 5.0.25
  • Last updated: Nov 14, 2018
  • PHP min version: not stated
  • Downloads: 2K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 10
Developer Profile

MultiReplace Developer Profile

rtowebsites: 5 plugins · 62K total installs

  • Trust score: 74
  • Avg security score: 93/100
  • Avg patch time: 112 days
Detection Fingerprints

How We Detect MultiReplace

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints: none listed

HTML / DOM Fingerprints

  • CSS class: card (too generic to identify the plugin on its own; treat it as supporting evidence only)
  • Form markup (labelled "Shortcode Output" by the scanner; the action ?page=multireplace indicates it is the plugin's admin-page form, so it is only visible to logged-in users who can reach that page):
    <h2>MultiReplace</h2><form action="?page=multireplace" method="post">Search:<br /> <input type="text" name="multireplace-search"