Does NERD WP Plugin have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is NERD WP Plugin compatible with WordPress 5.8.13?

According to WordPress.org data, NERD WP Plugin 1.2.5 has been tested up to WordPress 5.8.13. Check the plugin's changelog for the latest compatibility information.

Is NERD WP Plugin compatible with PHP 5.6.35+?

NERD WP Plugin requires PHP 5.6.35 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is NERD WP Plugin updated?

NERD WP Plugin was last updated on Sep 14, 2021. Frequent updates are generally a positive security signal.

What is NERD WP Plugin's security score?

NERD WP Plugin has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

NERD WP Plugin Security & Risk Analysis

wordpress.org/plugins/nerd-wp

NERD (https://github.com/kermitt2/entity-fishing) is an application that allows to recognize and disambiguate named entities.

0 active installs v1.2.5 PHP 5.6.35+ WP 4.9.1+ Updated Sep 14, 2021

disambiguationentity-fishingentity-recognition

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is NERD WP Plugin Safe to Use in 2026?

Generally Safe

Score 85/100

NERD WP Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "nerd-wp" v1.2.5 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices by exclusively using prepared statements for its SQL queries and avoiding file operations or external HTTP requests. The absence of recorded vulnerabilities and CVEs in its history suggests a generally stable and well-maintained codebase.

However, significant concerns arise from the static analysis. The plugin presents a single entry point via its REST API route, which completely lacks permission callbacks, making it accessible to unauthenticated users. Furthermore, only 28% of output is properly escaped, indicating a high potential for Cross-Site Scripting (XSS) vulnerabilities. While taint analysis shows no critical or high severity flows, the limited scope (0 flows analyzed) means this doesn't provide strong assurance of safety. The presence of the Guzzle library, if outdated, could also introduce risks, though the analysis doesn't specify its version.

In conclusion, "nerd-wp" v1.2.5 has strengths in its database query handling and lack of historical vulnerabilities. Nevertheless, the unprotected REST API route and widespread output unescaped are critical security weaknesses that require immediate attention to mitigate potential exploitation.

Key Concerns

REST API route without permission callbacks
Low percentage of properly escaped output

Vulnerabilities

None known

NERD WP Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

NERD WP Plugin Release Timeline

v1.2.5Current

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

NERD WP Plugin Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

8 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

100% prepared2 total queries

Output Escaping

28% escaped29 total outputs

Attack Surface

1 unprotected

NERD WP Plugin Attack Surface

Entry Points1

Unprotected1

REST API Routes 1

POST/wp-json/nerd-gutenberg/v1/relaunch-nerdadmin\class-nerd-wp-admin.php:232

WordPress Hooks 18

actionplugins_loadedincludes\class-nerd-wp.php:129

actionadmin_enqueue_scriptsincludes\class-nerd-wp.php:140

actionadmin_enqueue_scriptsincludes\class-nerd-wp.php:141

actionadmin_initincludes\class-nerd-wp.php:144

actionadmin_menuincludes\class-nerd-wp.php:146

actionedit_tag_formincludes\class-nerd-wp.php:151

actionedited_tagincludes\class-nerd-wp.php:152

filtermanage_edit-post_tag_columnsincludes\class-nerd-wp.php:153

filtermanage_post_tag_custom_columnincludes\class-nerd-wp.php:154

actionsave_postincludes\class-nerd-wp.php:157

actionadd_meta_boxesincludes\class-nerd-wp.php:159

actionrest_api_initincludes\class-nerd-wp.php:161

actioninitincludes\class-nerd-wp.php:162

actionenqueue_block_editor_assetsincludes\class-nerd-wp.php:163

actionwp_enqueue_scriptsincludes\class-nerd-wp.php:175

actionwp_enqueue_scriptsincludes\class-nerd-wp.php:176

actioninitincludes\class-nerd-wp.php:177

actionwidgets_initincludes\class-nerd-wp.php:178

Maintenance & Trust

NERD WP Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested5.8.13

Last updatedSep 14, 2021

PHP min version5.6.35

Downloads2K

Community Trust

Rating20/100

Number of ratings1

Active installs0

Alternatives

NERD WP Plugin Alternatives

No alternatives data available yet.

Developer Profile

NERD WP Plugin Developer Profile

yoannspace

3 plugins · 90 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect NERD WP Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/nerd-wp/css/nerd-wp-admin.css

Version Parameters

nerd-wp/css/nerd-wp-admin.css?ver=

HTML / DOM Fingerprints

Data Attributes

name="relaunch-nerd"

Shortcode Output

<input type='text' name='Yoyo'>test</input>

FAQ