Peace Protocol Security & Risk Analysis

wordpress.org/plugins/peace-protocol

A secure, decentralized protocol for WordPress administrators to connect their sites and build a network of trust through cryptographic handshakes.

0 active installs · v1.2.7 · PHP 7.4+ · WP 6.0+ · Updated Aug 27, 2025
Tags: cryptographic, decentralized, federation, peace, security
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Peace Protocol Safe to Use in 2026?

Generally Safe

Score 100/100

Peace Protocol has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7mo ago
Risk Assessment

The peace-protocol v1.2.7 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in SQL query handling by exclusively using prepared statements and shows a strong adherence to output escaping, with 87% of outputs properly handled. The absence of known CVEs and a clean vulnerability history is also a significant strength, suggesting a generally well-maintained codebase.

However, the plugin presents notable concerns regarding its attack surface. A substantial number of AJAX handlers (33 out of 46) lack authentication checks, creating potential entry points for unauthorized actions. While the taint analysis did not reveal critical or high-severity vulnerabilities, the presence of 6 flows with unsanitized paths warrants attention, as these could be exploited under specific conditions. The limited number of nonce checks (11 total, the same as the number of external HTTP requests), combined with the unprotected AJAX endpoints, further amplifies this risk. The plugin also makes 11 external HTTP requests, which, while not inherently insecure, should be monitored for potential supply chain attacks or misconfigurations.

In conclusion, peace-protocol v1.2.7 has strengths in its SQL and output handling and a clean vulnerability history. However, the significant number of unprotected AJAX endpoints and the identified unsanitized path flows represent the most immediate security risks. Addressing these areas should be a priority to strengthen the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths detected
  • External HTTP requests
Vulnerabilities
None known

Peace Protocol Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Peace Protocol Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 33 (229 escaped)
Nonce Checks: 11
Capability Checks: 21
File Operations: 0
External Requests: 11
Bundled Libraries: 0

Output Escaping

87% escaped · 262 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
peaceprotocol_ajax_send_peace (includes\rest-endpoints.php:1622)
Attack Surface
33 unprotected

Peace Protocol Attack Surface

Entry Points: 55
Unprotected: 33

AJAX Handlers 46

auth wp_ajax_peaceprotocol_rotate_tokens includes\admin-pages.php:5
auth wp_ajax_peaceprotocol_delete_token includes\admin-pages.php:6
auth wp_ajax_peaceprotocol_subscribe_feed includes\frontend-button.php:54
nopriv wp_ajax_peaceprotocol_subscribe_feed includes\frontend-button.php:70
auth wp_ajax_peaceprotocol_receive_peace includes\rest-endpoints.php:316
nopriv wp_ajax_peaceprotocol_receive_peace includes\rest-endpoints.php:376
auth wp_ajax_peaceprotocol_federated_auth includes\rest-endpoints.php:426
nopriv wp_ajax_peaceprotocol_federated_auth includes\rest-endpoints.php:453
auth wp_ajax_peaceprotocol_federated_exchange includes\rest-endpoints.php:481
nopriv wp_ajax_peaceprotocol_federated_exchange includes\rest-endpoints.php:482
auth wp_ajax_peaceprotocol_send_peace includes\rest-endpoints.php:1619
nopriv wp_ajax_peaceprotocol_send_peace includes\rest-endpoints.php:1620
auth wp_ajax_peaceprotocol_generate_code includes\rest-endpoints.php:1674
nopriv wp_ajax_peaceprotocol_generate_code includes\rest-endpoints.php:1675
auth wp_ajax_peaceprotocol_exchange_code includes\rest-endpoints.php:1715
nopriv wp_ajax_peaceprotocol_exchange_code includes\rest-endpoints.php:1716
auth wp_ajax_peaceprotocol_validate_token includes\rest-endpoints.php:1825
nopriv wp_ajax_peaceprotocol_validate_token includes\rest-endpoints.php:1826
auth wp_ajax_peaceprotocol_federated_login includes\rest-endpoints.php:1860
nopriv wp_ajax_peaceprotocol_federated_login includes\rest-endpoints.php:1861
auth wp_ajax_peaceprotocol_debug_log includes\rest-endpoints.php:1926
nopriv wp_ajax_peaceprotocol_debug_log includes\rest-endpoints.php:1927
auth wp_ajax_peaceprotocol_indieauth_callback includes\rest-endpoints.php:1932
nopriv wp_ajax_peaceprotocol_indieauth_callback includes\rest-endpoints.php:1933
auth wp_ajax_peaceprotocol_indieauth_test includes\rest-endpoints.php:1936
nopriv wp_ajax_peaceprotocol_indieauth_test includes\rest-endpoints.php:1937
auth wp_ajax_peaceprotocol_indieauth_token includes\rest-endpoints.php:1940
nopriv wp_ajax_peaceprotocol_indieauth_token includes\rest-endpoints.php:1941
auth wp_ajax_peaceprotocol_refresh_indieauth_token includes\rest-endpoints.php:1944
nopriv wp_ajax_peaceprotocol_refresh_indieauth_token includes\rest-endpoints.php:1945
auth wp_ajax_peaceprotocol_test includes\rest-endpoints.php:2092
nopriv wp_ajax_peaceprotocol_test includes\rest-endpoints.php:2093
auth wp_ajax_peaceprotocol_complete_auth includes\rest-endpoints.php:2104
nopriv wp_ajax_peaceprotocol_complete_auth includes\rest-endpoints.php:2105
auth wp_ajax_peaceprotocol_complete_indieauth_auth includes\rest-endpoints.php:2208
nopriv wp_ajax_peaceprotocol_complete_indieauth_auth includes\rest-endpoints.php:2209
auth wp_ajax_peaceprotocol_discover_indieauth includes\rest-endpoints.php:3342
nopriv wp_ajax_peaceprotocol_discover_indieauth includes\rest-endpoints.php:3343
auth wp_ajax_peaceprotocol_ban_user includes\user-banning.php:5
auth wp_ajax_peaceprotocol_send_peace includes\user-banning.php:408
auth wp_ajax_peaceprotocol_generate_code includes\user-banning.php:414
auth wp_ajax_peaceprotocol_exchange_code includes\user-banning.php:420
auth wp_ajax_peaceprotocol_federated_exchange includes\user-banning.php:426
auth wp_ajax_peaceprotocol_validate_token includes\user-banning.php:432
auth wp_ajax_peaceprotocol_federated_login includes\user-banning.php:438
auth wp_ajax_peaceprotocol_complete_auth includes\user-banning.php:444

REST API Routes 7

POST /wp-json/peace-protocol/v1/subscribe includes\frontend-button.php:31
POST /wp-json/peace-protocol/v1/receive includes\rest-endpoints.php:105
GET /wp-json/peace-protocol/v1/test includes\rest-endpoints.php:115
POST /wp-json/peace-protocol/v1/federated-auth includes\rest-endpoints.php:1438
POST /wp-json/peace-protocol/v1/federated-exchange includes\rest-endpoints.php:1466
POST /wp-json/peace-protocol/v1/send-peace includes\rest-endpoints.php:1515
POST /wp-json/peace-protocol/v1/validate-authorization includes\rest-endpoints.php:1570

Shortcodes 2

[peaceprotocol_log_wall] includes\shortcodes.php:4
[peaceprotocol_hand_button] includes\shortcodes.php:983
WordPress Hooks 52
action admin_menu includes\admin-pages.php:8
action wp_enqueue_scripts includes\enqueue-assets.php:5
action admin_enqueue_scripts includes\enqueue-assets.php:62
action wp_enqueue_scripts includes\enqueue-assets.php:91
action admin_enqueue_scripts includes\enqueue-assets.php:137
action admin_enqueue_scripts includes\enqueue-assets.php:147
action wp_enqueue_scripts includes\enqueue-assets.php:168
action init includes\federated-users.php:5
action admin_init includes\federated-users.php:83
action after_setup_theme includes\federated-users.php:90
filter comment_form_defaults includes\federated-users.php:237
filter get_comment_author includes\federated-users.php:247
action wp_footer includes\frontend-button.php:6
action rest_api_init includes\frontend-button.php:30
action wp_enqueue_scripts includes\inline-scripts.php:375
action admin_enqueue_scripts includes\inline-scripts.php:376
action admin_enqueue_scripts includes\inline-scripts.php:377
action init includes\register-cpt.php:4
filter manage_peaceprotocol_log_posts_columns includes\register-cpt.php:36
action manage_peaceprotocol_log_posts_custom_column includes\register-cpt.php:40
action init includes\rest-endpoints.php:97
action init includes\rest-endpoints.php:101
action rest_api_init includes\rest-endpoints.php:103
action rest_api_init includes\rest-endpoints.php:130
filter rest_pre_serve_request includes\rest-endpoints.php:131
action rest_api_init includes\rest-endpoints.php:142
filter rest_pre_dispatch includes\rest-endpoints.php:143
action template_redirect includes\rest-endpoints.php:577
action template_redirect includes\rest-endpoints.php:946
action template_redirect includes\rest-endpoints.php:1193
action template_redirect includes\rest-endpoints.php:1366
action rest_api_init includes\rest-endpoints.php:1436
action init includes\rest-endpoints.php:1996
action init includes\rest-endpoints.php:1997
action template_redirect includes\rest-endpoints.php:2272
action wp_footer includes\rest-endpoints.php:2388
action init includes\rest-endpoints.php:3389
action parse_request includes\rest-endpoints.php:3412
filter user_row_actions includes\user-banning.php:8
action admin_footer-users.php includes\user-banning.php:32
action init includes\user-banning.php:59
action template_redirect includes\user-banning.php:258
action wp_footer includes\user-banning.php:272
action show_user_profile includes\user-banning.php:296
action edit_user_profile includes\user-banning.php:325
filter manage_users_columns includes\user-banning.php:354
filter manage_users_custom_column includes\user-banning.php:359
action rest_api_init includes\user-banning.php:397
filter rest_pre_dispatch includes\user-banning.php:399
action wp_footer includes\user-banning.php:451
action init peace-protocol.php:66
action admin_post_peaceprotocol_force_cache_bust peace-protocol.php:88
Maintenance & Trust

Peace Protocol Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 27, 2025
PHP min version: 7.4
Downloads: 265

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Peace Protocol Developer Profile

Billy Wilcosky

3 plugins · 20 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Peace Protocol

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/peace-protocol/js/frontend.js
/wp-content/plugins/peace-protocol/js/admin.js
/wp-content/plugins/peace-protocol/css/frontend.css
Script Paths
/wp-content/plugins/peace-protocol/js/frontend.js
/wp-content/plugins/peace-protocol/js/admin.js
Version Parameters
peace-protocol/js/frontend.js?ver=
peace-protocol/js/admin.js?ver=
peace-protocol/css/frontend.css?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Clear any ban flags that might be preventing Peace Protocol from working -->
<!-- Always define ajaxurl globally, using wp_json_encode for bulletproof JS -->
Data Attributes
data-nonce, data-resturl, data-ajaxurl, data-federatedloginnonce, data-i18n_confirm, data-i18n_yes, +17 more
JS Globals
peaceprotocolData, peaceprotocolAdminData, ajaxurl
REST Endpoints
/wp-json/peace-protocol/v1/receive
FAQ

Frequently Asked Questions about Peace Protocol