Does PHP Browser Detection have any unpatched vulnerabilities?

No. All known vulnerabilities in PHP Browser Detection have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is PHP Browser Detection compatible with WordPress 4.3.34?

According to WordPress.org data, PHP Browser Detection 3.1.8 has been tested up to WordPress 4.3.34. Check the plugin's changelog for the latest compatibility information.

How often is PHP Browser Detection updated?

PHP Browser Detection was last updated on Sep 8, 2015. Frequent updates are generally a positive security signal.

What is PHP Browser Detection's security score?

PHP Browser Detection has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

PHP Browser Detection Security & Risk Analysis

wordpress.org/plugins/php-browser-detection

PHP Browser Detection is a WordPress plugin used to detect a user's browser. Please report any bugs on the support forums.

600 active installs v3.1.8 PHP + WP + Updated Sep 8, 2015

browserbrowser-detectioninternet-exploreriphonephp

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is PHP Browser Detection Safe to Use in 2026?

Generally Safe

Score 85/100

PHP Browser Detection has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10yr ago

Risk Assessment

The php-browser-detection plugin v3.1.8 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, SQL injection vulnerabilities, file operations, and external HTTP requests are all positive indicators. The plugin also has a clean vulnerability history, with no known CVEs, suggesting a well-maintained and secure codebase.

However, a significant concern arises from the complete lack of output escaping. With 18 total outputs analyzed, 0% being properly escaped means that any data processed by the plugin and then displayed to users or in rendered HTML is highly susceptible to cross-site scripting (XSS) attacks. The lack of nonce checks and capability checks on its two shortcodes, while not leading to immediate critical vulnerabilities in this specific analysis, represent potential weaknesses that could be exploited if the shortcode functionality handles user-supplied data in the future. The total entry points are low, and none are identified as unprotected, but the unescaped outputs remain the primary immediate risk.

Key Concerns

Unescaped output in all analyzed instances
Lack of nonce checks on shortcodes
Lack of capability checks on shortcodes

Vulnerabilities

None known

PHP Browser Detection Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

PHP Browser Detection Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped18 total outputs

Attack Surface

PHP Browser Detection Attack Surface

Entry Points2

Unprotected0

Shortcodes 2

[is_browser] inc\shortcodes.php:30

[browser_info] inc\shortcodes.php:43

WordPress Hooks 1

filterplugin_row_metainc\admin.php:21

Maintenance & Trust

PHP Browser Detection Maintenance & Trust

Maintenance Signals

WordPress version tested4.3.34

Last updatedSep 8, 2015

PHP min version

Downloads46K

Community Trust

Rating82/100

Number of ratings16

Active installs600

Alternatives

PHP Browser Detection Alternatives

Super Browser Detector

user-agent-body-class

License: GPLv2 or later Super Browser Detector adds PHP user agent information to the body class

200 No CVEs

WPDevDesign – Oxygen – Browser Detect

wpdevdesign-browser-detect-for-oxygen

Adds "Browser" condition in Oxygen for conditional output of elements in the selected browser(s).

70 No CVEs

Browser Blocker

browser-blocker

Browser Blocker allows you to pick and choose which browsers(versions) can access your web page and which ones are given a blocked splash screen.

60 No CVEs

Browser Update Ribbon

browser-update-ribbon

Puts a ribbon on the website if the user browser is older than expected.

30 No CVEs

IE6 Support for Twenty Ten Theme

ie6-support-for-2010-theme

This plugin brings Internet Explorer 6 support for the new default Wordpress theme Twenty Ten.

30 No CVEs

Developer Profile

PHP Browser Detection Developer Profile

Mindshare Labs, Inc.

5 plugins · 770 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect PHP Browser Detection

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Version Parameters

/php-browser-detection/style.css?ver=/php-browser-detection/script.js?ver=

HTML / DOM Fingerprints

JS Globals

php_browser_infobrowser_info

Shortcode Output

[browser-detect][/browser-detect][is_browser][/is_browser]

FAQ