Plugin Logic Security & Risk Analysis

wordpress.org/plugins/plugin-logic

URL-based plugin deactivation or activation.

90 active installs v1.1.2 PHP + WP 6.2.0+ Updated Dec 5, 2025
Tags: activate-plugins-by-url, deactivate-plugins-by-rules, deactivate-plugins-by-url, disable-plugins-by-page, disable-plugins-by-rules
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Dec 2, 2022
Safety Verdict

Is Plugin Logic Safe to Use in 2026?

Generally Safe

Score 99/100

Plugin Logic has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Dec 2, 2022 · Updated 3mo ago
Risk Assessment

The plugin "plugin-logic" v1.1.2 exhibits a mixed security posture. On the positive side, the static analysis shows no identified attack surface, meaning there are no readily exploitable entry points like unprotected AJAX handlers, REST API routes, shortcodes, or cron events. Furthermore, all SQL queries utilize prepared statements, all output is properly escaped, and there are a good number of nonce and capability checks, indicating adherence to several WordPress security best practices. The absence of external HTTP requests and bundled libraries is also a positive sign, reducing potential attack vectors.

However, there are significant concerns. The presence of the `unserialize` function without explicit warnings about its usage is a major red flag: improper use of `unserialize` can lead to Remote Code Execution vulnerabilities if the input data is controlled by an attacker. The vulnerability history also reveals a past high-severity SQL injection vulnerability. While this specific vulnerability is reported as patched, its nature suggests that careful input validation and sanitization are critical for this plugin.

In conclusion, while the current version of "plugin-logic" v1.1.2 appears to have a reduced attack surface and good practices regarding SQL queries and output escaping, the presence of `unserialize` and the past SQL injection vulnerability necessitate caution. The developer should thoroughly audit the usage of `unserialize` and ensure robust input validation across all data sources.

Key Concerns

  • Dangerous function 'unserialize' detected
  • Past high-severity SQL Injection vulnerability
Vulnerabilities: 1

Plugin Logic Security Vulnerabilities

CVEs by Year

1 CVE in 2022

Severity Breakdown

High: 1

1 total CVE

CVE-2022-4268 · high · 7.2 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Plugin Logic <= 1.0.7 - Authenticated (Administrator+) SQL Injection

Dec 2, 2022 · Patched in 1.0.8 (417d)
Code Analysis
Analyzed Mar 16, 2026

Plugin Logic Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (19 prepared)
Unescaped Output: 0 (19 escaped)
Nonce Checks: 4
Capability Checks: 5
File Operations: 1
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

  • unserialize · `$rules['urls'] = unserialize( $r->urls );` · plugin-logic.php:358
  • unserialize · `$rules['words'] = unserialize( $r->words );` · plugin-logic.php:359

SQL Query Safety

100% prepared · 19 total queries

Output Escaping

100% escaped · 19 total outputs
Attack Surface

Plugin Logic Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 7
  • action · admin_footer · plugin-logic-fields.php:166
  • action · admin_footer · plugin-logic-fields.php:185
  • action · plugins_loaded · plugin-logic.php:26
  • action · admin_menu · plugin-logic.php:88
  • filter · screen_layout_columns · plugin-logic.php:130
  • action · admin_notices · plugin-logic.php:191
  • action · admin_footer · plugin-logic.php:718
Maintenance & Trust

Plugin Logic Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 5, 2025
PHP min version
Downloads: 8K

Community Trust

Rating: 94/100
Number of ratings: 27
Active installs: 90
Alternatives

Plugin Logic Alternatives

No alternatives data available yet.

Developer Profile

Plugin Logic Developer Profile

Simon Wheatley

3 plugins · 40K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 417 days
Detection Fingerprints

How We Detect Plugin Logic

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/plugin-logic/css/plugin-logic.css
/wp-content/plugins/plugin-logic/js/plugin-logic.js
Script Paths
/wp-content/plugins/plugin-logic/js/plugin-logic.js
Version Parameters
plugin-logic/css/plugin-logic.css?ver=
plugin-logic/js/plugin-logic.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Plugin Logic -->
Data Attributes
name="plulo_toggle_dash_col"
id="plulo_option_page"
JS Globals
pluginLogic
FAQ

Frequently Asked Questions about Plugin Logic