Does Onionify – Onion Service for WP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Onionify – Onion Service for WP compatible with WordPress 6.9.4?

According to WordPress.org data, Onionify – Onion Service for WP 1.0.3 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Onionify – Onion Service for WP compatible with PHP 7.4+?

Onionify – Onion Service for WP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Onionify – Onion Service for WP updated?

Onionify – Onion Service for WP was last updated on Mar 13, 2026. Frequent updates are generally a positive security signal.

What is Onionify – Onion Service for WP's security score?

Onionify – Onion Service for WP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Onionify – Onion Service for WP Security & Risk Analysis

wordpress.org/plugins/onionify

Serve WordPress cleanly over .onion with URL rewriting, Onion-Location, and privacy hardening.

0 active installs v1.0.3 PHP 7.4+ WP 6.0+ Updated Mar 13, 2026

csponionprivacysecuritytor

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Onionify – Onion Service for WP Safe to Use in 2026?

Generally Safe

Score 100/100

Onionify – Onion Service for WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2mo ago

Risk Assessment

The "onionify" v1.0.3 plugin exhibits a generally good security posture based on the static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the attack surface, and all entry points are reported as protected. The code demonstrates strong adherence to secure coding practices with 100% of SQL queries using prepared statements, a solid number of capability checks, and the presence of nonce checks.

However, there are minor concerns regarding output escaping, with only 65% of outputs being properly escaped. This leaves a portion of the plugin's output potentially vulnerable to cross-site scripting (XSS) attacks if user-supplied data is not handled carefully before being displayed. The taint analysis revealed two flows with unsanitized paths, although these were not categorized as critical or high severity, suggesting the potential impact might be limited or mitigated by other factors not explicitly detailed.

The plugin's vulnerability history is a significant strength, with zero known CVEs recorded. This, combined with the lack of recent vulnerabilities, indicates a history of secure development and maintenance. In conclusion, "onionify" v1.0.3 is a relatively secure plugin due to its minimal attack surface and strong SQL security. The primary area for improvement lies in ensuring all outputs are properly escaped to prevent potential XSS vulnerabilities.

Key Concerns

Unescaped output detected
Flows with unsanitized paths

Vulnerabilities

None known

Onionify – Onion Service for WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Onionify – Onion Service for WP Release Timeline

v1.0.3Current

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Onionify – Onion Service for WP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

65% escaped75 total outputs

Data Flows · Security

2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths

sendHeaders (src\Http\Headers.php:29)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Onionify – Onion Service for WP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 35

actionadmin_noticesonionify.php:44

actionplugins_loadedonionify.php:111

actionadmin_noticesonionify.php:117

actionadmin_menusrc\Admin\AdminWelcome.php:15

actionnetwork_admin_menusrc\Admin\AdminWelcome.php:16

actionadmin_initsrc\Admin\AdminWelcome.php:17

actionadmin_headsrc\Admin\AdminWelcome.php:72

actionadmin_footersrc\Admin\AdminWelcome.php:99

actionadmin_initsrc\Admin\Settings.php:76

actionadmin_menusrc\Admin\Settings.php:77

actionnetwork_admin_menusrc\Admin\Settings.php:80

actionnetwork_admin_edit_onionify_save_networksrc\Admin\Settings.php:81

actionnetwork_admin_edit_onionify_save_defaultssrc\Admin\Settings.php:82

actionload-settings_page_onionify_settingssrc\Admin\Settings.php:96

actionload-admin_page_onionify_networksrc\Admin\Settings.php:97

actionload-admin_page_onionify_network_defaultssrc\Admin\Settings.php:98

filterpre_option_homesrc\Bootstrap.php:57

filterpre_option_siteurlsrc\Bootstrap.php:58

filterhome_urlsrc\Bootstrap.php:59

filtersite_urlsrc\Bootstrap.php:60

filtercontent_urlsrc\Bootstrap.php:61

filterplugins_urlsrc\Bootstrap.php:62

filterstylesheet_directory_urisrc\Bootstrap.php:63

filtertemplate_directory_urisrc\Bootstrap.php:64

filterredirect_canonicalsrc\Bootstrap.php:65

filterwp_is_using_httpssrc\Bootstrap.php:66

actiontemplate_redirectsrc\Bootstrap.php:69

filterpre_http_requestsrc\Http\Loopback.php:37

filtercron_requestsrc\Http\Loopback.php:40

actioninitsrc\Security\Hardening.php:33

filterget_avatar_urlsrc\Security\Hardening.php:54

filterembed_oembed_discoversrc\Security\Hardening.php:93

filteroembed_fetch_urlsrc\Security\Hardening.php:96

filterwp_resource_hintssrc\Security\Hardening.php:105

filtertiny_mce_pluginssrc\Security\Hardening.php:144

Maintenance & Trust

Onionify – Onion Service for WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 13, 2026

PHP min version7.4

Downloads272

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Onionify – Onion Service for WP Alternatives

Onion Service by Adam Szokol

adamszokol-onion-service

100

A focused plugin designed to enable Onion Service & Mapping support for your WordPress site.

0 No CVEs

Disable Directory Listings

disable-directory-listings

Prevent virtual directory listing services from listing the contents of directories, and/or show a page in place of a directory's listing.

100 No CVEs

Grumpy AI Gate

grumpy-ai-gate

100

Intercept and log AI-related HTTP from plugins/themes; optional AI Client blocking. All data stays on your server.

0 No CVEs

Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

really-simple-ssl

Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.

3.0M 3 CVEs

All-In-One Security (AIOS) – Security and Firewall

all-in-one-wp-security-and-firewall

Protect your website investment with All-In-One Security (AIOS) – a comprehensive and easy to use security plugin designed especially for WordPress.

1.0M 26 CVEs

Developer Profile

Onionify – Onion Service for WP Developer Profile

Ivijan-Stefan Stipic

7 plugins · 95K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

285 days

View full developer profile

Detection Fingerprints

How We Detect Onionify – Onion Service for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/onionify/src/Assets/dist/css/style.css/wp-content/plugins/onionify/src/Assets/dist/js/script.js

Script Paths

/wp-content/plugins/onionify/src/Assets/dist/js/script.js

Version Parameters

onionify/src/Assets/dist/css/style.css?ver=onionify/src/Assets/dist/js/script.js?ver=

HTML / DOM Fingerprints

HTML Comments

JS Globals

window.onionify

FAQ