Does Pathshala have any unpatched vulnerabilities?

No. All known vulnerabilities in Pathshala have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Pathshala compatible with WordPress 5.4.19?

According to WordPress.org data, Pathshala 1.0.0 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

How often is Pathshala updated?

Pathshala was last updated on Jul 7, 2021. Frequent updates are generally a positive security signal.

What is Pathshala's security score?

Pathshala has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pathshala Security & Risk Analysis

wordpress.org/plugins/pathshala

License: GPLv2 or later License URI: https://www.gnu.org/licenses/gpl-2.0.html Pathshala is a complete eLearning management solution for WordPress.

0 active installs v1.0.0 PHP + WP 4.4+ Updated Jul 7, 2021

courseselearninglearning-management

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Pathshala Safe to Use in 2026?

Generally Safe

Score 85/100

Pathshala has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The "pathshala" v1.0.0 plugin exhibits a generally positive security posture based on the static analysis provided. The absence of any recorded CVEs and the fact that all identified SQL queries utilize prepared statements are strong indicators of good development practices. Furthermore, the plugin demonstrates an awareness of security by including a nonce check and a capability check, which are essential for protecting against common web vulnerabilities. The limited attack surface, with no identified AJAX handlers, REST API routes, shortcodes, or cron events that are directly exposed without checks, further contributes to its secure design.

However, a notable concern arises from the output escaping. With only 31% of 13 total outputs being properly escaped, there is a significant risk of cross-site scripting (XSS) vulnerabilities. This means that user-supplied data, if not handled carefully by other parts of the code not detailed here, could be rendered directly into the HTML without sufficient sanitization, potentially allowing attackers to inject malicious scripts. The absence of any taint analysis flows with unsanitized paths, while seemingly positive, might also be due to a limited scope of analysis or a lack of complex data flows within the plugin. The vulnerability history is clean, which is excellent, but the output escaping issue remains a specific area that requires immediate attention to mitigate potential risks.

Key Concerns

Low percentage of properly escaped output

Vulnerabilities

None known

Pathshala Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Pathshala Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

4 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

31% escaped13 total outputs

Attack Surface

Pathshala Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 10

actioninitincludes\class-pathshala.php:82

actionplugins_loadedincludes\class-pathshala.php:153

actionadmin_enqueue_scriptsincludes\class-pathshala.php:168

actionadmin_enqueue_scriptsincludes\class-pathshala.php:169

actionwp_enqueue_scriptsincludes\class-pathshala.php:184

actionwp_enqueue_scriptsincludes\class-pathshala.php:185

actionadd_meta_boxes_pathshalaincludes\class-post-type.php:20

actionsave_post_pathshalaincludes\class-post-type.php:22

actionadmin_enqueue_scriptsincludes\class-post-type.php:239

filtertemplate_includepathashala.php:75

Maintenance & Trust

Pathshala Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedJul 7, 2021

PHP min version

Downloads903

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Pathshala Alternatives

Tutor LMS Divi Modules

tutor-lms-divi-modules

Get 26+ Tutor LMS Divi Page builder widgets to create an entire eLearning site and design custom course pages, course carousels, listings, and more.

1K No CVEs

Tutor LMS – eLearning and online course solution

tutor

A complete WordPress LMS plugin to create any eLearning website easily.

100K 60 CVEs

LearnPress – WordPress LMS Plugin for Create and Sell Online Courses

learnpress

A WordPress LMS Plugin to create WordPress Learning Management System. Turn your WordPress to LMS WordPress Website with Courses, Lessons, Quizzes &am …

80K 63 CVEs

Tutor LMS Elementor Addons

tutor-lms-elementor-addons

Get 35+ Elementor widgets to create an entire eLearning site with Tutor LMS and design custom course pages, course carousels, listings, and more.

30K 5 CVEs

LearnPress – Course Wishlist

learnpress-wishlist

100

LearnPress Wishlist add wishlist feature to your LearnPress course in your site.

20K No CVEs

Developer Profile

Pathshala Developer Profile

Robin

2 plugins · 0 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Pathshala

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pathshala/admin/css/pathshala-admin.css/wp-content/plugins/pathshala/admin/js/pathshala-admin.js

Script Paths

/wp-content/plugins/pathshala/admin/js/pathshala-admin.js

Version Parameters

pathshala-admin?ver=pathshala?ver=

HTML / DOM Fingerprints

FAQ