Does Pando Extra have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Pando Extra compatible with WordPress 4.9.29?

According to WordPress.org data, Pando Extra 1.1 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Pando Extra updated?

Pando Extra was last updated on Apr 10, 2018. Frequent updates are generally a positive security signal.

What is Pando Extra's security score?

Pando Extra has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pando Extra Security & Risk Analysis

wordpress.org/plugins/pando-extra

Overview This is a companion plugin for the PandoWP theme, it add all functionalities that are plugin-territory to the PandoWP theme.

10 active installs v1.1 PHP + WP 4.0+ Updated Apr 10, 2018

companionpandowp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pando Extra Safe to Use in 2026?

Generally Safe

Score 85/100

Pando Extra has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The "pando-extra" plugin version 1.1 exhibits a generally good security posture, with strong adherence to secure coding practices. The plugin excels in output escaping, with 97% of outputs properly handled, and uses prepared statements for 75% of its SQL queries. The absence of file operations and external HTTP requests further mitigates common attack vectors. Furthermore, its vulnerability history is clean, with no known CVEs recorded, suggesting a well-maintained codebase.

However, a notable concern arises from the attack surface analysis, which reveals one AJAX handler lacking authentication checks. While taint analysis shows no immediate critical or high-severity issues, this unprotected entry point represents a potential avenue for attackers to interact with the plugin without proper authorization. The presence of multiple AJAX handlers (four total) amplifies this concern, as it increases the potential for further vulnerabilities if not diligently secured.

In conclusion, "pando-extra" v1.1 is largely secure, demonstrating good development practices. The primary weakness lies in the single unprotected AJAX endpoint. Addressing this specific vulnerability would significantly enhance the plugin's overall security. The lack of historical vulnerabilities is a positive indicator, but vigilance remains crucial, especially for newly discovered weaknesses or when implementing new features.

Key Concerns

Unprotected AJAX handler

Vulnerabilities

None known

Pando Extra Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Pando Extra Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

Pando Extra Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

103 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

75% prepared4 total queries

Output Escaping

97% escaped106 total outputs

Attack Surface

1 unprotected

Pando Extra Attack Surface

Entry Points7

Unprotected1

AJAX Handlers 4

authwp_ajax_rwmb_attach_fileinc\meta-box\inc\fields\file-advanced.php:37

authwp_ajax_rwmb_delete_fileinc\meta-box\inc\fields\file.php:32

authwp_ajax_rwmb_get_embedinc\meta-box\inc\fields\oembed.php:24

authwp_ajax_rwmb_plupload_image_uploadinc\meta-box\inc\fields\plupload-image.php:17

Shortcodes 3

[bearr-site-url] functions.php:23

[rwmb_meta] inc\meta-box\inc\functions.php:201

[rwmb_meta] inc\meta-box\inc\helpers.php:24

WordPress Hooks 34

filterwp_nav_menu_itemsfunctions.php:25

filterrwmb_meta_boxesfunctions.php:103

filterplugin_action_links_meta-box/meta-box.phpinc\meta-box\inc\about\about.php:29

actionadmin_menuinc\meta-box\inc\about\about.php:32

actionadmin_headinc\meta-box\inc\about\about.php:33

actionadmin_enqueue_scriptsinc\meta-box\inc\about\about.php:36

actionactivated_plugininc\meta-box\inc\about\about.php:39

filterplugin_action_links_meta-box/meta-box.phpinc\meta-box\inc\core.php:20

actioninitinc\meta-box\inc\core.php:23

actionedit_page_forminc\meta-box\inc\core.php:24

actionprint_media_templatesinc\meta-box\inc\fields\file-advanced.php:38

actionpost_edit_form_taginc\meta-box\inc\fields\file.php:31

actionprint_media_templatesinc\meta-box\inc\fields\media.php:45

filterget_media_item_argsinc\meta-box\inc\fields\thickbox-image.php:14

actionadmin_initinc\meta-box\inc\init.php:2

actionedit_page_forminc\meta-box\inc\init.php:23

actioninitinc\meta-box\inc\media-modal.php:25

filterattachment_fields_to_editinc\meta-box\inc\media-modal.php:27

filterattachment_fields_to_saveinc\meta-box\inc\media-modal.php:28

filterrwmb_showinc\meta-box\inc\media-modal.php:30

actionadmin_enqueue_scriptsinc\meta-box\inc\meta-box.php:102

actionadd_meta_boxesinc\meta-box\inc\meta-box.php:116

filterdefault_hidden_meta_boxesinc\meta-box\inc\meta-box.php:119

actionedit_attachmentinc\meta-box\inc\meta-box.php:126

actionadd_attachmentinc\meta-box\inc\meta-box.php:127

actionrwmb_afterinc\meta-box\inc\validation.php:17

actionrwmb_enqueue_scriptsinc\meta-box\inc\validation.php:18

actioninitinc\meta-box\inc\wpml.php:28

filterwpml_duplicate_generic_stringinc\meta-box\inc\wpml.php:38

filterrwmb_normalize_fieldinc\meta-box\inc\wpml.php:39

actionrwmb_beforeinc\meta-box\meta-box-show-hide.php:30

actionadmin_enqueue_scriptsinc\meta-box\meta-box-show-hide.php:31

filterrwmb_meta_boxesmeta-fields-post-formats.php:3

actionadmin_enqueue_scriptspando-extra.php:25

Maintenance & Trust

Pando Extra Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedApr 10, 2018

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Pando Extra Alternatives

Mesmerize Companion

mesmerize-companion

The Mesmerize Companion plugin adds drag and drop page builder functionality to the Mesmerize theme.

60K 3 CVEs

Clever Fox

clever-fox

Clever Fox plugin to enhance the functionality of free themes made by Nayra Themes.

30K 2 CVEs

Desert Companion

desert-companion

100

Desert Companion Enhances Desert Themes with additional functionality.

20K No CVEs

Arile Extra

arile-extra

100

Arile Extra is a companion plugin for ArileWP WordPress theme by ThemeArile.

10K No CVEs

One Page Express Companion

one-page-express-companion

The One Page Express Companion plugin adds drag and drop page builder functionality to the One Page Express theme.

10K 2 CVEs

Developer Profile

Pando Extra Developer Profile

Diego Pereira

3 plugins · 10K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

104 days

View full developer profile

Detection Fingerprints

How We Detect Pando Extra

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pando-extra/css/metabox.css

Script Paths

/wp-content/plugins/pando-extra/inc/meta-box/inc/about/js/script.js/wp-content/plugins/pando-extra/inc/meta-box/js/show-hide.js/wp-content/plugins/pando-extra/inc/meta-box/js/autocomplete.js

Version Parameters

pando-extra/css/metabox.css?ver=meta-box/meta-box.php?ver=meta-box-show-hide/js/show-hide.js?ver=meta-box/js/autocomplete.js?ver=

HTML / DOM Fingerprints

CSS Classes

rwmb-show-hide

Data Attributes

data-showdata-exclude

JS Globals

RWMB_Autocomplete

FAQ