Pastacode Security & Risk Analysis

wordpress.org/plugins/pastacode

Use Pastacode to add code into your posts with the awesome PrismJs coloration library. So, past'a code!

500 active installs · v3.0.1 · PHP 7.0+ · WP 4.0+ · Updated Mar 12, 2026
Tags: block, code, github, sourcecode, syntax
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pastacode Safe to Use in 2026?

Generally Safe

Score 100/100

Pastacode has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 22d ago
Risk Assessment

The 'pastacode' plugin v3.0.1 exhibits a mixed security posture. While it has no recorded historical vulnerabilities and a high percentage of properly escaped outputs, significant concerns arise from its attack surface. Two AJAX handlers are exposed without authentication checks, presenting a direct entry point for potential malicious activity. Additionally, the plugin performs SQL queries without using prepared statements, increasing the risk of SQL injection vulnerabilities. The lack of taint analysis data is noted, but it does not negate the explicit risks identified in the code signals. Overall, the plugin's strengths lie in its clean vulnerability history and good output escaping practices, but the unprotected entry points and unprepared SQL queries are substantial weaknesses that require immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • SQL queries without prepared statements
Vulnerabilities
None known

Pastacode Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Pastacode Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 2 (0 prepared)
  • Unescaped Output: 5 (30 escaped)
  • Nonce Checks: 1
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 9
  • Bundled Libraries: 1

Bundled Libraries

TinyMCE

SQL Query Safety

0% prepared · 2 total queries

Output Escaping

86% escaped · 35 total outputs
Attack Surface
2 unprotected

Pastacode Attack Surface

Entry Points: 4
Unprotected: 2

AJAX Handlers 2

  • auth · wp_ajax_pastacode-get-source-code · includes\remote-code-getter.php:68
  • nopriv · wp_ajax_pastacode-get-source-code · includes\remote-code-getter.php:69

REST API Routes 1

  • POST · /wp-json/pastacode/v2/retrieve_code · includes\remote-code-getter.php:7

Shortcodes 1

  • [pastacode] · includes\shortcode.php:3
WordPress Hooks 45

  • action · admin_enqueue_scripts · includes\back-dependencies.php:3
  • filter · admin_enqueue_scripts · includes\back-dependencies.php:44
  • action · wp_enqueue_scripts · includes\front.php:3
  • filter · pastacode_services · includes\pastacode-options.php:3
  • filter · pastacode_langs · includes\pastacode-options.php:18
  • filter · pastacode_fields · includes\pastacode-options.php:47
  • action · rest_api_init · includes\remote-code-getter.php:5
  • filter · plugin_row_meta · includes\settings.php:10
  • filter · admin_post_pastacode_drop_transients · includes\settings.php:30
  • action · admin_menu · includes\settings.php:41
  • filter · pastacode_manual · includes\sources.php:6
  • filter · pastacode_github · includes\sources.php:26
  • filter · pastacode_gitlab · includes\sources.php:65
  • filter · pastacode_gist · includes\sources.php:93
  • filter · pastacode_bitbucketsnippets · includes\sources.php:119
  • filter · pastacode_bitbucket · includes\sources.php:151
  • filter · pastacode_file · includes\sources.php:171
  • filter · pastacode_pastebin · includes\sources.php:192
  • action · admin_init · includes\tinymce-config.php:4
  • filter · mce_external_plugins · includes\tinymce-config.php:13
  • filter · mce_buttons · includes\tinymce-config.php:14
  • action · admin_enqueue_scripts · includes\tinymce-config.php:33
  • filter · mce_css · includes\tinymce-config.php:47
  • action · admin_enqueue_scripts · includes\tinymce-config.php:56
  • action · before_wp_tiny_mce · includes\tinymce-config.php:65
  • action · template_redirect · includes\tinymce-config.php:228
  • filter · bbp_after_get_the_content_parse_args · includes\tinymce-config.php:231
  • filter · pastacode_ajax · includes\tinymce-config.php:239
  • filter · bbp_get_topic_content · includes\tinymce-config.php:241
  • filter · bbp_get_reply_content · includes\tinymce-config.php:242
  • filter · mce_buttons · includes\tinymce-config.php:247
  • filter · mce_buttons_2 · includes\tinymce-config.php:248
  • filter · mce_external_plugins · includes\tinymce-config.php:249
  • action · template_redirect · includes\tinymce-config.php:263
  • filter · comment_form_field_comment · includes\tinymce-config.php:266
  • filter · comment_text · includes\tinymce-config.php:267
  • filter · pastacode_ajax · includes\tinymce-config.php:276
  • filter · mce_buttons · includes\tinymce-config.php:277
  • filter · mce_buttons_2 · includes\tinymce-config.php:278
  • filter · mce_external_plugins · includes\tinymce-config.php:279
  • filter · wp_editor_settings · includes\tinymce-config.php:313
  • filter · mce_buttons_2 · includes\tinymce-config.php:319
  • filter · mce_external_plugins · includes\tinymce-config.php:320
  • action · init · pastacode.php:37
  • action · plugins_loaded · pastacode.php:66
Maintenance & Trust

Pastacode Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 12, 2026
  • PHP min version: 7.0
  • Downloads: 25K

Community Trust

  • Rating: 98/100
  • Number of ratings: 14
  • Active installs: 500
Developer Profile

Pastacode Developer Profile

Willy Bahuaud

8 plugins · 9K total installs

  • Trust score: 86
  • Avg Security Score: 89/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pastacode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/pastacode/js/prism.js
  • /wp-content/plugins/pastacode/plugins/line-highlight/prism-line-highlight.min.js
  • /wp-content/plugins/pastacode/plugins/normalize-whitespace/prism-normalize-whitespace.min.js
  • /wp-content/plugins/pastacode/plugins/line-numbers/prism-line-numbers.min.js
  • /wp-content/plugins/pastacode/plugins/show-invisibles/prism-show-invisibles.min.js
  • /wp-content/plugins/pastacode/css/prism.css
  • /wp-content/plugins/pastacode/plugins/line-highlight/prism-line-highlight.css
  • /wp-content/plugins/pastacode/plugins/line-numbers/prism-line-numbers.css
  • +3 more
Version Parameters
  • pastacode/js/prism.js?ver=
  • pastacode/plugins/line-highlight/prism-line-highlight
  • pastacode/plugins/normalize-whitespace/prism-normalize-whitespace
  • pastacode/plugins/line-numbers/prism-line-numbers
  • pastacode/plugins/show-invisibles/prism-show-invisibles
  • pastacode/css/prism.css?ver=
  • pastacode/plugins/line-highlight/prism-line-highlight.css?ver=
  • pastacode/plugins/line-numbers/prism-line-numbers.css?ver=
  • pastacode/plugins/show-invisibles/prism-show-invisibles.css?ver=
  • pastacode/plugins/treeview/prism-treeview
  • pastacode/plugins/treeview/prism-treeview.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • code-embed-infos
  • code-embed-name
  • code-embed-raw
  • code-embed-wrapper
  • code-embed-pre
  • code-embed-code
Data Attributes
  • data-start
  • data-line-offset
Shortcode Output
<div class="code-embed-wrapper"><pre class="language- code-embed-pre" data-start="