WP-Safety

Plugin Check (PCP) Security & Risk Analysis

wordpress.org/plugins/plugin-check

Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.

7K active installs v1.8.0 PHP 7.4+ WP 6.3+ Updated Dec 28, 2025
accessibilityperformanceplugin-best-practicessecuritytesting
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Plugin Check (PCP) Safe to Use in 2026?

Generally Safe

Score 100/100

Plugin Check (PCP) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The plugin 'plugin-check' v1.9.0 demonstrates a generally strong security posture based on the provided static analysis and vulnerability history. The absence of known CVEs and a clean taint analysis are highly positive indicators. The plugin also incorporates good security practices such as a high percentage of SQL queries using prepared statements, robust output escaping, and a significant number of capability checks. The limited attack surface, with only one AJAX handler and no REST API routes or shortcodes, further contributes to its security.

However, there are minor areas for improvement. The presence of one AJAX handler without an explicit authentication check, while small, represents a potential entry point that could be further secured. The bundled Guzzle library, v1.1, is quite outdated and could potentially harbor vulnerabilities not yet discovered or disclosed. While the plugin's current vulnerability history is excellent, the presence of bundled libraries, especially older ones, necessitates ongoing vigilance.

Overall, 'plugin-check' v1.9.0 appears to be a secure plugin with a good track record. The developer seems to be employing sound security practices. The primary recommendations would be to review the authentication mechanism for the single AJAX handler and to update the bundled Guzzle library to a more current and supported version to mitigate any potential risks associated with outdated dependencies.

Key Concerns

  • AJAX handler without auth check
  • Bundled outdated library (Guzzle v1.1)
Vulnerabilities
None known

Plugin Check (PCP) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Plugin Check (PCP) Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
11 prepared
Unescaped Output
23
156 escaped
Nonce Checks
3
Capability Checks
7
File Operations
18
External Requests
3
Bundled Libraries
1

Bundled Libraries

Guzzle1.1

SQL Query Safety

92% prepared12 total queries

Output Escaping

87% escaped179 total outputs
Attack Surface

Plugin Check (PCP) Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_plugin_check_namer_analyzeincludes\Admin\Namer_Page.php:58
WordPress Hooks 37
actionadmin_menuincludes\Admin\Admin_Page.php:58
filterplugin_action_linksincludes\Admin\Admin_Page.php:59
actionadmin_enqueue_scriptsincludes\Admin\Admin_Page.php:60
actionadmin_enqueue_scriptsincludes\Admin\Admin_Page.php:96
actionadmin_footerincludes\Admin\Admin_Page.php:97
actionadmin_menuincludes\Admin\Namer_Page.php:54
actionadmin_enqueue_scriptsincludes\Admin\Namer_Page.php:56
actionadmin_noticesincludes\Admin\Namer_Page.php:57
filteroption_active_pluginsincludes\Checker\Preparations\Force_Single_Plugin_Preparation.php:53
filterdefault_option_active_pluginsincludes\Checker\Preparations\Force_Single_Plugin_Preparation.php:54
filtertemplateincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:64
filterstylesheetincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:65
filterpre_option_templateincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:66
filterpre_option_stylesheetincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:67
filterpre_option_current_themeincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:68
filterpre_option_template_rootincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:71
filterpre_option_stylesheet_rootincludes\Checker\Preparations\Use_Minimal_Theme_Preparation.php:72
actionpopulate_optionsincludes\Checker\Runtime_Environment_Setup.php:56
actionwp_installincludes\Checker\Runtime_Environment_Setup.php:65
filterpre_wp_mailincludes\Checker\Runtime_Environment_Setup.php:265
filterwp_plugin_check_ignore_directoriesincludes\CLI\Plugin_Check_Command.php:195
filterwp_plugin_check_ignore_filesincludes\CLI\Plugin_Check_Command.php:204
actionmuplugins_loadedincludes\Utilities\Plugin_Request_Utility.php:118
actionadmin_noticesplugin.php:33
actionadmin_noticesplugin.php:39
actionafter_setup_themeruntime-content\themes\wp-empty-theme\functions.php:114
actionafter_setup_themeruntime-content\themes\wp-empty-theme\functions.php:129
actionwp_headruntime-content\themes\wp-empty-theme\functions.php:142
actionwp_enqueue_scriptsruntime-content\themes\wp-empty-theme\functions.php:155
actionadmin_noticesruntime-content\themes\wp-empty-theme\inc\back-compat.php:16
actionafter_switch_themeruntime-content\themes\wp-empty-theme\inc\back-compat.php:18
actionload-customize.phpruntime-content\themes\wp-empty-theme\inc\back-compat.php:56
actiontemplate_redirectruntime-content\themes\wp-empty-theme\inc\back-compat.php:74
filterpost_classruntime-content\themes\wp-empty-theme\inc\template-functions.php:19
actionwp_headruntime-content\themes\wp-empty-theme\inc\template-functions.php:29
filterexcerpt_moreruntime-content\themes\wp-empty-theme\inc\template-functions.php:52
filterthe_content_more_linkruntime-content\themes\wp-empty-theme\inc\template-functions.php:62
Maintenance & Trust

Plugin Check (PCP) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedDec 28, 2025
PHP min version7.4
Downloads715K

Community Trust

Rating90/100
Number of ratings31
Active installs7K
Alternatives

Plugin Check (PCP) Alternatives

SLIM Low Bandwidth Mode

SLIM Low Bandwidth Mode

slim-low-bandwidth-mode

A
100

Serve your WordPress site in SLIM mode — single-request, text-first, and network-resilient.

0 No CVEs
Jetpack – WP Security, Backup, Speed, & Growth

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

A
87

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs
ManageWP Worker

ManageWP Worker

worker

A
98

A better way to manage dozens of WordPress websites.

1.0M 1 CVE
Simply Static – The Static Site Generator

Simply Static – The Static Site Generator

simply-static

A
99

Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.

30K 2 CVEs
DefendWP Firewall

DefendWP Firewall

defend-wp-firewall

A
99

Get instant protection against vulnerabilities disclosed by security companies.

3K 1 CVE
Developer Profile

Plugin Check (PCP) Developer Profile

WordPress.org

34 plugins · 14.9M total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
1718 days
View full developer profile
Detection Fingerprints

How We Detect Plugin Check (PCP)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plugin-check/css/plugin-check.css/wp-content/plugins/plugin-check/js/plugin-check.js
Script Paths
/wp-content/plugins/plugin-check/js/plugin-check.js
Version Parameters
plugin-check/css/plugin-check.css?ver=plugin-check/js/plugin-check.js?ver=

HTML / DOM Fingerprints

CSS Classes
plugin-check-admin-pageplugin-check-admin-page-loading
Data Attributes
data-plugin-check-nonce
JS Globals
plugin_check_i18nplugin_check_error_messagesPluginCheck
REST Endpoints
/wp-json/plugin-check/v1/run
FAQ

Frequently Asked Questions about Plugin Check (PCP)