Does Phraseanet WordPress Client have any unpatched vulnerabilities?

No. All known vulnerabilities in Phraseanet WordPress Client have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Phraseanet WordPress Client compatible with WordPress 6.0.11?

According to WordPress.org data, Phraseanet WordPress Client 1.3.11 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

How often is Phraseanet WordPress Client updated?

Phraseanet WordPress Client was last updated on Jun 21, 2022. Frequent updates are generally a positive security signal.

What is Phraseanet WordPress Client's security score?

Phraseanet WordPress Client has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Phraseanet WordPress Client Security & Risk Analysis

wordpress.org/plugins/phraseanet-client

This plugin creates the possibility to get and add assets from Phraseanet server into your Wordpress website.

10 active installs v1.3.11 PHP + WP 5.6.0+ Updated Jun 21, 2022

assetsgalleryimagesmediaphraseanet

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Phraseanet WordPress Client Safe to Use in 2026?

Generally Safe

Score 85/100

Phraseanet WordPress Client has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The phraseanet-client plugin version 1.3.11 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong adherence to secure coding practices regarding SQL queries, utilizing prepared statements exclusively. The majority of output operations are also properly escaped, and a substantial number of nonce and capability checks are in place, indicating an effort to secure administrative and user-facing functionalities. The absence of any recorded vulnerabilities or CVEs in its history further suggests a relatively stable and secure track record.

However, a significant concern arises from the extremely large attack surface presented by unprotected AJAX handlers. With 24 out of 25 total entry points being AJAX handlers without authentication checks, this creates a substantial risk. The taint analysis, while not revealing critical or high-severity issues, did identify 8 flows with unsanitized paths, which, combined with the unprotected AJAX endpoints, could potentially be leveraged for various attacks if not properly handled by the application logic.

In conclusion, while the plugin benefits from good SQL practices, proper output escaping, and a clean vulnerability history, the overwhelming number of unprotected AJAX endpoints represents a critical security weakness. The presence of unsanitized paths in taint flows exacerbates this risk. Developers should prioritize implementing robust authentication and authorization checks for all AJAX handlers to mitigate these significant exposure points.

Key Concerns

Large attack surface without auth (AJAX)
Taint flows with unsanitized paths

Vulnerabilities

None known

Phraseanet WordPress Client Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Phraseanet WordPress Client Code Analysis

Dangerous Functions

Raw SQL Queries

18 prepared

Unescaped Output

149 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Freemius1.0Guzzle

SQL Query Safety

100% prepared18 total queries

Output Escaping

92% escaped162 total outputs

Data Flows

8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths

get_custom_single_post (admin\class-phraseanet-admin.php:290)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

24 unprotected

Phraseanet WordPress Client Attack Surface

Entry Points25

Unprotected24

AJAX Handlers 24

authwp_ajax_add_custom_postincludes\class-phraseanet.php:286

authwp_ajax_get_custom_postincludes\class-phraseanet.php:287

authwp_ajax_get_custom_postincludes\class-phraseanet.php:288

authwp_ajax_delete_custom_postincludes\class-phraseanet.php:289

noprivwp_ajax_get_custom_single_postincludes\class-phraseanet.php:290

authwp_ajax_get_custom_single_postincludes\class-phraseanet.php:291

authwp_ajax_edit_custom_single_postincludes\class-phraseanet.php:292

authwp_ajax_edit_custom_single_post_titleincludes\class-phraseanet.php:293

authwp_ajax_getMediaAjaxincludes\class-phraseanet.php:321

noprivwp_ajax_getMediaAjaxincludes\class-phraseanet.php:323

authwp_ajax_collectionincludes\class-phraseanet.php:325

noprivwp_ajax_collectionincludes\class-phraseanet.php:326

authwp_ajax_getFacetsincludes\class-phraseanet.php:328

noprivwp_ajax_getFacetsincludes\class-phraseanet.php:329

authwp_ajax_getDataboxStructureincludes\class-phraseanet.php:331

noprivwp_ajax_getDataboxStructureincludes\class-phraseanet.php:332

authwp_ajax_downloaderincludes\class-phraseanet.php:334

noprivwp_ajax_downloaderincludes\class-phraseanet.php:335

authwp_ajax_getSubdefsincludes\class-phraseanet.php:337

noprivwp_ajax_getSubdefsincludes\class-phraseanet.php:338

authwp_ajax_pageConfigincludes\class-phraseanet.php:343

noprivwp_ajax_pageConfigincludes\class-phraseanet.php:344

authwp_ajax_logoutincludes\class-phraseanet.php:346

noprivwp_ajax_logoutincludes\class-phraseanet.php:347

Shortcodes 1

[phraseanet-client-block] includes\class-phraseanet.php:313

WordPress Hooks 70

actionafter_uninstallincludes\class-phraseanet-deactivator.php:34

actionplugins_loadedincludes\class-phraseanet.php:156

actionadmin_enqueue_scriptsincludes\class-phraseanet.php:171

actionadmin_enqueue_scriptsincludes\class-phraseanet.php:172

actionadmin_initincludes\class-phraseanet.php:175

actionadmin_menuincludes\class-phraseanet.php:176

actionadmin_initincludes\class-phraseanet.php:179

actionadmin_initincludes\class-phraseanet.php:181

actioninitincludes\class-phraseanet.php:183

actionadmin_headincludes\class-phraseanet.php:184

actionadmin_footer_textincludes\class-phraseanet.php:185

actioninitincludes\class-phraseanet.php:192

actionadd_meta_boxesincludes\class-phraseanet.php:193

actionsave_postincludes\class-phraseanet.php:194

actioninitincludes\class-phraseanet.php:197

actionadd_meta_boxesincludes\class-phraseanet.php:198

actionsave_postincludes\class-phraseanet.php:199

actioninitincludes\class-phraseanet.php:202

actionadd_meta_boxesincludes\class-phraseanet.php:203

actionsave_postincludes\class-phraseanet.php:204

actioninitincludes\class-phraseanet.php:207

actionadd_meta_boxesincludes\class-phraseanet.php:208

actionsave_postincludes\class-phraseanet.php:209

actioninitincludes\class-phraseanet.php:212

actionadd_meta_boxesincludes\class-phraseanet.php:213

actionsave_postincludes\class-phraseanet.php:214

actioninitincludes\class-phraseanet.php:217

actionadd_meta_boxesincludes\class-phraseanet.php:218

actionsave_postincludes\class-phraseanet.php:219

actioninitincludes\class-phraseanet.php:222

actionadd_meta_boxesincludes\class-phraseanet.php:223

actionsave_postincludes\class-phraseanet.php:224

actioninitincludes\class-phraseanet.php:227

actionadd_meta_boxesincludes\class-phraseanet.php:228

actionsave_postincludes\class-phraseanet.php:229

actioninitincludes\class-phraseanet.php:233

actionadd_meta_boxesincludes\class-phraseanet.php:234

actionsave_postincludes\class-phraseanet.php:235

actioninitincludes\class-phraseanet.php:239

actionadd_meta_boxesincludes\class-phraseanet.php:240

actionsave_postincludes\class-phraseanet.php:241

actioninitincludes\class-phraseanet.php:244

actionadd_meta_boxesincludes\class-phraseanet.php:245

actionsave_postincludes\class-phraseanet.php:246

actioninitincludes\class-phraseanet.php:249

actionadd_meta_boxesincludes\class-phraseanet.php:250

actionsave_postincludes\class-phraseanet.php:251

actioninitincludes\class-phraseanet.php:255

actionadd_meta_boxesincludes\class-phraseanet.php:256

actionsave_postincludes\class-phraseanet.php:257

actioninitincludes\class-phraseanet.php:261

actionadd_meta_boxesincludes\class-phraseanet.php:262

actionsave_postincludes\class-phraseanet.php:263

actioninitincludes\class-phraseanet.php:266

actionadd_meta_boxesincludes\class-phraseanet.php:267

actionsave_postincludes\class-phraseanet.php:268

actioninitincludes\class-phraseanet.php:271

actionadd_meta_boxesincludes\class-phraseanet.php:272

actionsave_postincludes\class-phraseanet.php:273

actioninitincludes\class-phraseanet.php:276

actionadd_meta_boxesincludes\class-phraseanet.php:277

actionsave_postincludes\class-phraseanet.php:278

actionwp_enqueue_scriptsincludes\class-phraseanet.php:308

actionwp_enqueue_scriptsincludes\class-phraseanet.php:309

actioninitincludes\class-phraseanet.php:310

actionwp_headincludes\class-phraseanet.php:316

actioninitincludes\class-phraseanet.php:318

filterdefault_currencyphraseanet.php:110

filtershow_admin_barpublic\class-phraseanet-public.php:284

filterpre_get_postspublic\class-phraseanet-public.php:285

Maintenance & Trust

Phraseanet WordPress Client Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedJun 21, 2022

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Phraseanet WordPress Client Alternatives

ACF Galerie 4

acf-galerie-4

100

Enhance your WordPress website with ACF Galerie 4, a powerful and customizable gallery plugin.

1K No CVEs

Polaroid Gallery

polaroid-gallery

Polaroid Gallery is a CSS3 & jQuery Image Gallery plugin for WordPress Media Library.

1K No CVEs

Scissors and Watermark

scissors-watermark

Scissors and Watermark enhances WordPress' handling of images by introducing cropping, resizing, rotating, and watermarking functionality.

200 No CVEs

Automatic Alternative Text

automatic-alternative-text

Automatically generate alt text for images with Microsoft's Cognitive Services Computer Vision API.

100 No CVEs

Full Screen Galleries

full-screen-galleries

Full Screen Galleries creates an automatic full-screen slideshow mode for image galleries in your content. Posts and pages with galleries are automati …

100 No CVEs

Developer Profile

Phraseanet WordPress Client Developer Profile

alchemydev

1 plugin · 10 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Phraseanet WordPress Client

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/phraseanet-client/admin/css/phraseanet-admin.css/wp-content/plugins/phraseanet-client/public/css/bootstrap-phraseanet.css/wp-content/plugins/phraseanet-client/admin/js/phraseanet-admin.js/wp-content/plugins/phraseanet-client/public/js/bootstrap.bundle.min.js/wp-content/plugins/phraseanet-client/dist/react_pages.js/wp-content/plugins/phraseanet-client/dist/editor.js

Script Paths

/wp-content/plugins/phraseanet-client/admin/js/phraseanet-admin.js/wp-content/plugins/phraseanet-client/public/js/bootstrap.bundle.min.js/wp-content/plugins/phraseanet-client/dist/react_pages.js/wp-content/plugins/phraseanet-client/dist/editor.js

Version Parameters

phraseanet-client/css/phraseanet-admin.css?ver=phraseanet-client/css/bootstrap-phraseanet.css?ver=phraseanet-client/js/phraseanet-admin.js?ver=phraseanet-client/js/bootstrap.bundle.min.js?ver=phraseanet-client/dist/react_pages.js?ver=phraseanet-client/dist/editor.js?ver=

HTML / DOM Fingerprints

JS Globals

my_block_licensing_data

FAQ