Plugin Dependencies Security & Risk Analysis

wordpress.org/plugins/plugin-dependencies

Plugin dependency management

200 active installs v1.3 PHP + WP 3.1+ Updated Nov 13, 2014
dependency
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Plugin Dependencies Safe to Use in 2026?

Generally Safe

Score 85/100

Plugin Dependencies has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

Based on the provided static analysis, plugin-dependencies v1.3 demonstrates a generally strong security posture. The absence of known vulnerabilities in its history is a significant positive indicator. The plugin also follows good practice by avoiding dangerous functions, file operations, and external HTTP requests. Its attack surface is limited: no entry points were identified that lack authentication or proper permission checks.

However, there are areas for improvement. The single SQL query identified is not using prepared statements, which poses a potential risk of SQL injection, especially if user-supplied data is ever incorporated into this query. While the majority of output escaping is properly handled, there are instances where it's not, which could lead to cross-site scripting (XSS) vulnerabilities if the unescaped data is user-controlled or sensitive. The lack of nonce checks on any potential AJAX handlers, though currently there are none, is a potential future risk if AJAX functionality is added without implementing proper security measures.

Overall, plugin-dependencies v1.3 appears to be a relatively secure plugin with a clean vulnerability history. The primary concerns lie in the raw SQL query and the minority of unescaped outputs. Addressing these specific code-level issues would significantly enhance the plugin's security.

Key Concerns

  • SQL query not using prepared statements
  • Unescaped output detected
Vulnerabilities
None known

Plugin Dependencies Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Plugin Dependencies Release Timeline

v1.3 (Current)
v1.2.1
v1.2
Code Analysis
Analyzed Mar 16, 2026

Plugin Dependencies Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 3 (9 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared (1 total query)

Output Escaping

75% escaped (12 total outputs)
Attack Surface

Plugin Dependencies Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 20

  filter  extra_plugin_headers                           plugin-dependencies.php:31
  action  load-plugins.php                               plugin-dependencies.php:32
  action  init                                           plugin-dependencies.php:34
  action  admin_notices                                  plugin-dependencies.php:35
  action  network_admin_notices                          plugin-dependencies.php:36
  action  activate_plugin                                plugin-dependencies.php:38
  action  deactivate_plugin                              plugin-dependencies.php:39
  action  activate_plugin                                plugin-dependencies.php:40
  action  plugins_loaded                                 plugin-dependencies.php:57
  action  activated_plugin                               plugin-dependencies.php:224
  filter  pre_update_site_option_active_sitewide_plugins plugin-dependencies.php:227
  filter  pre_update_option_active_plugins               plugin-dependencies.php:229
  filter  pre_update_option_recently_activated           plugin-dependencies.php:233
  action  deactivate_plugin                              plugin-dependencies.php:275
  filter  pre_update_option_active_plugins               plugin-dependencies.php:307
  filter  pre_update_site_option_active_sitewide_plugins plugin-dependencies.php:321
  action  admin_print_styles                             plugin-dependencies.php:556
  action  admin_print_footer_scripts                     plugin-dependencies.php:557
  filter  plugin_action_links                            plugin-dependencies.php:559
  filter  network_admin_plugin_action_links              plugin-dependencies.php:560
Maintenance & Trust

Plugin Dependencies Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Nov 13, 2014
PHP min version
Downloads: 8K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 200
Developer Profile

Plugin Dependencies Developer Profile

scribu

24 plugins · 28K total installs

Trust score: 69
Avg Security Score: 86/100
Avg Patch Time: 4851 days
Detection Fingerprints

How We Detect Plugin Dependencies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
