Does Neon text have any unpatched vulnerabilities?

No. All known vulnerabilities in Neon text have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Neon text compatible with WordPress 6.3.8?

According to WordPress.org data, Neon text 1.3 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Neon text compatible with PHP 5.4+?

Neon text requires PHP 5.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Neon text updated?

Neon text was last updated on Oct 26, 2023. Frequent updates are generally a positive security signal.

What is Neon text's security score?

Neon text has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Neon text Security & Risk Analysis

wordpress.org/plugins/neon-text

Plugin for neon text effect.

200 active installs v1.3 PHP 5.4+ WP 4.1+ Updated Oct 26, 2023

animated-counters

A · Safe

CVEs total1

Unpatched0

Last CVEOct 26, 2023

Download

Safety Verdict

Is Neon text Safe to Use in 2026?

Generally Safe

Score 85/100

Neon text has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Oct 26, 2023Updated 2yr ago

Risk Assessment

The neon-text plugin version 1.3 exhibits a mixed security posture. On the positive side, the static analysis reveals no dangerous function calls, no raw SQL queries (all use prepared statements), no file operations, no external HTTP requests, and no bundled libraries. This suggests an effort to adhere to secure coding practices in these areas. The absence of AJAX handlers and REST API routes, along with zero unprotected entry points, is also a good sign, minimizing common attack vectors.

However, a significant concern arises from the output escaping. With 3 total outputs and 0% properly escaped, this indicates a high likelihood of Cross-Site Scripting (XSS) vulnerabilities. This is further corroborated by the vulnerability history, which shows one past CVE specifically related to XSS, and the fact that this vulnerability was only recently patched. The absence of nonce and capability checks on the identified entry points (shortcodes) also presents a risk, as it potentially allows for unauthorized actions or data manipulation if these shortcodes accept user-controlled input.

In conclusion, while the plugin has strengths in its avoidance of dangerous functions and raw SQL, the critical lack of output escaping and the historical pattern of XSS vulnerabilities are substantial weaknesses. The absence of authentication checks on shortcodes adds another layer of concern. Users should be particularly wary of the XSS risk until this is definitively addressed and verified.

Key Concerns

0% output escaping
No capability checks on entry points
Past XSS vulnerability

Vulnerabilities

Neon text Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2023-5817medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 26, 2023 Patched in 1.2 (89d)

Code Analysis

Analyzed Mar 16, 2026

Neon text Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped3 total outputs

Attack Surface

Neon text Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[neontext] neon-text.php:62

[neontext_box] neon-text.php:67

WordPress Hooks 3

actionplugins_loadedneon-text.php:11

actionwp_enqueue_scriptsneon-text.php:25

actionadmin_menuneon-text.php:72

Maintenance & Trust

Neon text Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedOct 26, 2023

PHP min version5.4

Downloads5K

Community Trust

Rating100/100

Number of ratings1

Active installs200

Alternatives

Neon text Alternatives

No alternatives data available yet.

Developer Profile

Neon text Developer Profile

ERALION

2 plugins · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

89 days

View full developer profile

Detection Fingerprints

How We Detect Neon text

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/neon-text/css/app.css/wp-content/plugins/neon-text/js/jquery.novacancy.min.js/wp-content/plugins/neon-text/js/app.js

Script Paths

/wp-content/plugins/neon-text/js/jquery.novacancy.min.js/wp-content/plugins/neon-text/js/app.js

Version Parameters

neon-text/css/app.css?ver=neon-text/js/jquery.novacancy.min.js?ver=neon-text/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes

novacancynbneontextboard_wrapboard

Data Attributes

novacancy-iddata-colordata-reblinkProbabilitydata-blinkMindata-blinkMaxdata-loopMin+3 more

JS Globals

nbneontext

Shortcode Output

<span id="nbneontext_class="nbneontext"<data class="novacancy on"><div class="board_wrap"><div class="board"><h1>

FAQ