WP-Safety

Pets Security & Risk Analysis

wordpress.org/plugins/pets

A plugin to manage websites with pets or animal shelters.

90 active installs v1.4.1 PHP 5.6+ WP 4.0+ Updated Apr 17, 2022
animal-shelteranimalspets
63
C · Use Caution
CVEs total1
Unpatched1
Last CVEAug 6, 2025
Plugin page Download
Safety Verdict

Is Pets Safe to Use in 2026?

Use With Caution

Score 63/100

Pets has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE 1 unpatched Last CVE: Aug 6, 2025Updated 3yr ago
Risk Assessment

The 'pets' plugin v1.4.1 exhibits a mixed security posture. On one hand, the plugin demonstrates good practices by avoiding a large attack surface with zero identified entry points and a strong use of prepared statements for SQL queries. The presence of nonce checks and a significant portion of properly escaped output are also positive indicators. However, several concerns emerge. The absence of capability checks is a significant weakness, suggesting that actions within the plugin might not be properly restricted to authorized users. Additionally, the taint analysis revealing flows with unsanitized paths is a critical finding, even without reported critical or high severity issues in the static analysis, as it indicates potential for vulnerabilities if these paths were to be exploited. The vulnerability history, specifically the single unpatched medium severity CVE of a Cross-site Scripting type, further highlights a past area of weakness that remains unaddressed. The bundled Freemius library v1.0 is also a potential concern if it's an outdated version. While the plugin avoids some common pitfalls, the lack of capability checks and the presence of unsanitized paths, coupled with an unpatched CVE, indicate a moderate risk level.

Key Concerns

  • Unpatched medium severity CVE
  • Flows with unsanitized paths found
  • Missing capability checks
  • Bundled outdated library (Freemius v1.0)
  • Significant unescaped output (25%)
  • SQL queries without prepared statements (14%)
Vulnerabilities
1

Pets Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-52742medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Pets <= 1.4.1 - Reflected Cross-Site Scripting

Aug 6, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

Pets Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
6 prepared
Unescaped Output
79
240 escaped
Nonce Checks
6
Capability Checks
0
File Operations
1
External Requests
2
Bundled Libraries
1

Bundled Libraries

Freemius1.0

SQL Query Safety

86% prepared7 total queries

Output Escaping

75% escaped319 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

11 flows6 with unsanitized paths
settings_page (includes\admin\settings\class-settings.php:84)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Pets Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 49
actionadd_meta_boxesincludes\abstracts\class-metabox.php:22
actionsave_postincludes\abstracts\class-metabox.php:23
actionadmin_menuincludes\admin\class-admin.php:22
actionadmin_enqueue_scriptsincludes\admin\class-admin.php:23
actionadd_meta_boxesincludes\admin\class-admin.php:24
actionsave_postincludes\admin\class-admin.php:25
filterbulk_actions-edit-petsincludes\admin\post-types\class-pets-type.php:18
filterhandle_bulk_actions-edit-petsincludes\admin\post-types\class-pets-type.php:19
actionadmin_noticesincludes\admin\post-types\class-pets-type.php:20
filterdisplay_post_statesincludes\admin\post-types\class-pets-type.php:21
actionpets_admin_page_pets-fieldsincludes\admin\settings\class-settings-fields.php:22
actionpets_admin_page_pets-settingsincludes\admin\settings\class-settings.php:27
actionpets_settings_form_fieldsincludes\admin\settings\class-settings.php:28
actionpets_settings_updatedincludes\admin\settings\class-settings.php:29
actionpets_add_form_before_fieldsincludes\class-pets-add.php:35
actionpets_add_form_before_fieldsincludes\class-pets-add.php:36
actioninitincludes\class-pets-add.php:38
actionpets_missing_pet_addedincludes\class-pets-emails.php:10
actionpets_new_pet_addedincludes\class-pets-emails.php:11
actionpets_missing_form_before_fieldsincludes\class-pets-missing.php:35
actionpets_missing_form_before_fieldsincludes\class-pets-missing.php:36
actioninitincludes\class-pets-missing.php:38
filterthe_contentincludes\class-pets-template.php:19
filtertemplate_includeincludes\class-pets-template.php:20
actionpets_before_loopincludes\functions-templates.php:199
actionpets_after_loopincludes\functions-templates.php:200
actionpets_before_loop_whileincludes\functions-templates.php:201
actionpets_after_loop_whileincludes\functions-templates.php:202
actiongive_donation_form_topincludes\integrations\class-give.php:19
actiongive_insert_paymentincludes\integrations\class-give.php:20
actiongive_donation_details_thead_beforeincludes\integrations\class-give.php:21
filtergive_donation_receipt_argsincludes\integrations\class-give.php:23
filterpets_settings_tabsincludes\integrations\class-give.php:24
filterpets_settings_fieldsincludes\integrations\class-give.php:25
filterthe_contentincludes\integrations\class-give.php:26
filterthe_contentincludes\integrations\class-give.php:57
filterpets_settings_tabsincludes\integrations\class-petfinder.php:24
filterpets_settings_fieldsincludes\integrations\class-petfinder.php:25
actioninitpets.php:177
actioninitpets.php:178
actioninitpets.php:179
actionwp_enqueue_scriptspets.php:180
actionplugins_loadedpets.php:181
actionpets_before_looppets.php:182
actionpre_get_postspets.php:183
actionpre_get_postspets.php:184
actionpre_get_postspets.php:185
actionwidgets_initpets.php:186
filterpost_updated_messagespets.php:190
Maintenance & Trust

Pets Maintenance & Trust

Maintenance Signals

WordPress version tested5.9.13
Last updatedApr 17, 2022
PHP min version5.6
Downloads7K

Community Trust

Rating100/100
Number of ratings3
Active installs90
Alternatives

Pets Alternatives

Pet Adoption Listings

Pet Adoption Listings

pet-adoption-listings

A
92

Display adoptable pets from an Adopt-a-Pet.com shelter's listings.

100 No CVEs
Animal Shelter

Animal Shelter

animal-shelter

A
100

The Animal Shelter plugin is proposed as a package of tools for animal protectors that facilitate the publication of cards, adoption, volunteering and &hellip;

0 No CVEs
PetBridge

PetBridge

petbridge

A
100

Embed PetBridge features on your WordPress site to streamline pet adoptions, surrenders, alerts, and engagement with your community.

0 No CVEs
WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

WPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager

insert-headers-and-footers

A
99

Easily add code snippets in WordPress. Insert header & footer scripts, add PHP code snippets with conditional logic, insert ads pixel code, and more.

3.0M 3 CVEs
Code Snippets

Code Snippets

code-snippets

A
89

An easy, clean and simple way to enhance your site with code snippets.

1.0M 7 CVEs
Developer Profile

Pets Developer Profile

Igor Benic

12 plugins · 2K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
479 days
View full developer profile
Detection Fingerprints

How We Detect Pets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pets/assets/css/public/pets.css

HTML / DOM Fingerprints

CSS Classes
pets-addpets-add-petpets-add-editpets-add-pet-formpets-editpets-edit-petpets-edit-pet-formpets-edit-edit+57 more
Data Attributes
data-pet-iddata-pet-namedata-pet-agedata-pet-breeddata-pet-genderdata-pet-description+3 more
JS Globals
pets_ajax_object
REST Endpoints
/wp-json/pets/v1/pets/wp-json/pets/v1/pets/(?P<id>\d+)
Shortcode Output
[pets_search][pets_add][pets_missing][pets_single_pet]
FAQ

Frequently Asked Questions about Pets