Nostr Verify Security & Risk Analysis

wordpress.org/plugins/nostr-verify

Verify yourself with Nostr, using NIP-05

60 active installs · v1.2.0 · PHP 7.2+ · WP 6.2+ · Updated Nov 12, 2024
Tags: discovery, jrd, nostr, well-known
Score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Nostr Verify Safe to Use in 2026?

Generally Safe

Score 92/100

Nostr Verify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "nostr-verify" v1.2.0 plugin exhibits a very strong security posture based on the provided static analysis. The absence of any identified dangerous functions, raw SQL queries, file operations, or external HTTP requests is highly commendable. The plugin also demonstrates good output escaping practices with 94% of outputs properly escaped, and correctly utilizes nonce checks. The lack of known vulnerabilities in its history further reinforces this positive assessment.

However, the absence of any taint analysis results (total flows analyzed: 0) and a complete lack of capability checks are areas that warrant attention. While no direct risks are currently identified, these omissions mean that the plugin has not been rigorously tested for potential injection vulnerabilities that might arise from user-supplied data, nor does it implement robust access control for its (currently non-existent) entry points. The very small attack surface (0 entry points) is a significant strength that currently mitigates most theoretical risks, but a more comprehensive security review would benefit from exploring these areas.

In conclusion, the "nostr-verify" plugin appears to be built with security in mind, demonstrating excellent handling of common web vulnerabilities. The lack of historical vulnerabilities and the clean code signals are significant strengths. The primary area for improvement, though not a current risk due to the minimal attack surface, would be to incorporate taint analysis and capability checks to ensure a robust security foundation should the plugin's functionality or attack surface expand in the future.

Key Concerns

  • Taint analysis not performed
  • No capability checks
Vulnerabilities
None known

Nostr Verify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Nostr Verify Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (16 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

94% escaped · 17 total outputs
Attack Surface

Nostr Verify Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 8

  • action: init (nostr-verify.php:25)
  • action: activated_plugin (nostr-verify.php:56)
  • action: query_vars (nostr-verify.php:84)
  • action: parse_request (nostr-verify.php:162)
  • action: show_user_profile (nostr-verify.php:238)
  • action: edit_user_profile (nostr-verify.php:239)
  • action: personal_options_update (nostr-verify.php:258)
  • action: edit_user_profile_update (nostr-verify.php:259)
Maintenance & Trust

Nostr Verify Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 12, 2024
PHP min version: 7.2
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 60
Developer Profile

Nostr Verify Developer Profile

Jeremy Herve

11 plugins · 2K total installs

Trust score: 90
Avg Security Score: 94/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Nostr Verify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
nostr-name-wrap, nostr-pubkey-wrap, nostr-name-description, nostr-key-description
Data Attributes
name="nostr-name", id="nostr-name", name="nostr-key", id="nostr-key", aria-describedby="email-description"
REST Endpoints
/.well-known/nostr.json