Nooz Security & Risk Analysis

wordpress.org/plugins/nooz

Simplified press release and media coverage management for websites.

500 active installs v1.7.2 PHP + WP 6.0+ Updated Oct 9, 2024
media · news · press · press-coverage · press-release
92
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Feb 15, 2023
Safety Verdict

Is Nooz Safe to Use in 2026?

Generally Safe

Score 92/100

Nooz has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Feb 15, 2023 · Updated 1yr ago
Risk Assessment

The "nooz" v1.7.2 plugin has a generally good security posture and follows secure coding practices. No AJAX handler or REST API route lacks an authentication check, all SQL statements are prepared, and nonce and capability checks are in place, which indicates a deliberate effort to protect against common web vulnerabilities. The high percentage of properly escaped output strengthens this assessment.

However, a notable concern arises from the taint analysis, which identified one flow with unsanitized paths. While this did not escalate to a critical or high severity issue in static analysis, it represents a potential area for exploitation if not properly handled. The presence of a past medium severity Cross-Site Scripting (XSS) vulnerability, though currently patched, also warrants continued vigilance. This history suggests that input sanitization may have been a previous weakness, and while addressed, it highlights the importance of ongoing security audits.

In conclusion, "nooz" v1.7.2 demonstrates a solid foundation of secure development. The low attack surface and diligent use of security mechanisms are commendable. The primary areas for attention are the identified unsanitized path flow and the historical vulnerability. Addressing these proactively will ensure the plugin maintains its strong security standing and continues to protect users effectively.

Key Concerns

  • Unsanitized path flow identified in taint analysis
  • Past medium severity XSS vulnerability
Vulnerabilities
1

Nooz Security Vulnerabilities

CVEs by Year: 1 CVE in 2023

Severity Breakdown: Medium 1 (1 total CVE)

CVE-2023-25794 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Nooz <= 1.6.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Feb 15, 2023 Patched in 1.7.0 (342d)
Code Analysis
Analyzed Mar 16, 2026

Nooz Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 39 (175 escaped)
Nonce Checks: 2
Capability Checks: 2
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 2 total queries

Output Escaping

82% escaped · 214 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
init_default_pages (inc\class-admin.php:277)
Attack Surface

Nooz Attack Surface

Entry Points: 3
Unprotected: 0

Shortcodes 3

[nooz] inc\class-admin.php:139
[nooz-release] inc\class-admin.php:140
[nooz-coverage] inc\class-admin.php:141
WordPress Hooks 60
action init inc\class-admin.php:132
action admin_init inc\class-admin.php:134
filter nooz/settings/groups inc\class-admin.php:135
action nooz/settings/setup/group=nooz_general inc\class-admin.php:136
action admin_menu inc\class-admin.php:137
action admin_init inc\class-admin.php:138
action admin_enqueue_scripts inc\class-admin.php:142
action after_setup_theme inc\class-admin.php:145
filter get_the_excerpt inc\class-admin.php:146
action init inc\class-admin.php:148
action edit_form_after_title inc\class-admin.php:150
action init inc\class-admin.php:152
filter query_vars inc\class-admin.php:154
action nooz/post-types/registered inc\class-admin.php:155
action wp_loaded inc\class-admin.php:157
action admin_notices inc\class-admin.php:289
action admin_notices inc\class-admin.php:293
action admin_head inc\class-contextual-help.php:13
filter shortcode_atts_nooz-coverage inc\class-coverage.php:10
filter shortcode_atts_nooz inc\class-coverage.php:11
filter post_type_link inc\class-coverage.php:12
action add_meta_boxes inc\class-coverage.php:13
action save_post inc\class-coverage.php:14
filter nooz_post_data inc\class-coverage.php:15
filter nooz/settings/groups inc\class-coverage.php:16
action nooz/settings/setup/group=nooz_coverage inc\class-coverage.php:17
filter sanitize_post_meta__mdnooz_source inc\class-coverage.php:18
filter sanitize_post_meta__mdnooz_link_url inc\class-coverage.php:19
filter sanitize_post_meta__mdnooz_link_url inc\class-coverage.php:20
action update_option_mdnooz_coverage_slug inc\class-coverage.php:23
action add_meta_boxes inc\class-release.php:10
action save_post inc\class-release.php:11
action save_post inc\class-release.php:12
action save_post inc\class-release.php:13
filter shortcode_atts_nooz-release inc\class-release.php:14
filter shortcode_atts_nooz inc\class-release.php:15
filter the_content inc\class-release.php:18
filter nooz_post_data inc\class-release.php:19
filter post_class inc\class-release.php:20
filter nooz/settings/groups inc\class-release.php:21
action nooz/settings/setup/group=nooz_release inc\class-release.php:22
action update_option_mdnooz_release_slug inc\class-release.php:25
action init inc\class-upgrade.php:10
action init inc\class-upgrade.php:11
action init inc\class-upgrade.php:12
action init inc\class-upgrade.php:13
action init inc\class-upgrade.php:14
action init inc\class-upgrade.php:15
action wp_loaded inc\class-upgrade.php:16
action plugins_loaded index.php:16
filter nooz_shortcode_data themes\basic\theme.php:3
filter nooz_shortcode themes\basic\theme.php:29
filter nooz_release themes\basic\theme.php:36
filter nooz_post_content themes\basic\theme.php:43
action wp_enqueue_scripts themes\basic\theme.php:49
filter nooz_shortcode themes\outline\theme.php:3
filter nooz_release themes\outline\theme.php:10
filter nooz_post_content themes\outline\theme.php:18
action wp_enqueue_scripts themes\outline\theme.php:27
action wp_head themes\outline\theme.php:38
Maintenance & Trust

Nooz Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.6.5
Last updated: Oct 9, 2024
PHP min version
Downloads: 24K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 500
Developer Profile

Nooz Developer Profile

mightydigital

2 plugins · 510 total installs

Trust score: 71
Avg Security Score: 89/100
Avg Patch Time: 342 days
Detection Fingerprints

How We Detect Nooz

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nooz/css/main.css
/wp-content/plugins/nooz/js/admin.js
/wp-content/plugins/nooz/js/main.js
Script Paths
/wp-content/plugins/nooz/js/admin.js
/wp-content/plugins/nooz/js/main.js
Version Parameters
nooz/css/main.css?ver=
nooz/js/admin.js?ver=
nooz/js/main.js?ver=

HTML / DOM Fingerprints

CSS Classes
nooz-release-item
nooz-coverage-item
nooz-shortcode-wrapper
HTML Comments
<!-- Generated by Nooz -->
Data Attributes
data-nooz-id
JS Globals
nooz
Shortcode Output
[nooz]
[nooz-release]
[nooz-coverage]