Does Pocket WP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Pocket WP compatible with WordPress 4.1.42?

According to WordPress.org data, Pocket WP 0.4.3 has been tested up to WordPress 4.1.42. Check the plugin's changelog for the latest compatibility information.

How often is Pocket WP updated?

Pocket WP was last updated on Mar 9, 2015. Frequent updates are generally a positive security signal.

What is Pocket WP's security score?

Pocket WP has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pocket WP Security & Risk Analysis

wordpress.org/plugins/pocket-wp

Pocket WP allows you to embed your Pocket links into a WordPress page or post via a shortcode or a widget.

30 active installs v0.4.3 PHP + WP 3.0.1+ Updated Mar 9, 2015

linkspocketshortcodewidget

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pocket WP Safe to Use in 2026?

Generally Safe

Score 85/100

Pocket WP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 11yr ago

Risk Assessment

The plugin "pocket-wp" v0.4.3 exhibits a mixed security posture. On the positive side, it shows no known historical vulnerabilities and its database interactions are robust, utilizing prepared statements exclusively. Furthermore, the absence of dangerous functions, file operations, and critical taint flows is commendable. However, significant concerns arise from the analysis of its attack surface and code signals. A notable portion of its output is not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. The presence of an unprotected AJAX handler is a direct pathway for unauthenticated attackers to interact with the plugin's functionality, which is a critical security gap.

The lack of nonce checks and capability checks on the identified entry points, particularly the AJAX handler, exacerbates the risk. The plugin has a small attack surface, but one of its entry points is completely exposed. While taint analysis and vulnerability history are clean, this does not negate the risks identified through static code analysis. The overall security is undermined by the unauthenticated AJAX endpoint and the prevalence of unescaped output, despite other good security practices.

Key Concerns

Unprotected AJAX handler
Low percentage of properly escaped output
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Pocket WP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Pocket WP Release Timeline

v0.4.3Current

v0.4.2

v0.4.1

v0.4

Code Analysis

Analyzed Mar 16, 2026

Pocket WP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

21% escaped29 total outputs

Attack Surface

1 unprotected

Pocket WP Attack Surface

Entry Points2

Unprotected1

AJAX Handlers 1

authwp_ajax_pwp_click_authorization_buttonpocket-wp.php:50

Shortcodes 1

[pocket_links] pocket-wp.php:53

WordPress Hooks 6

actionadmin_noticespocket-wp.php:40

actionadmin_menupocket-wp.php:43

actionadmin_initpocket-wp.php:44

actionadmin_footerpocket-wp.php:47

actionwp_enqueue_scriptspocket-wp.php:56

actionwidgets_initpocket-wp.php:458

Maintenance & Trust

Pocket WP Maintenance & Trust

Maintenance Signals

WordPress version tested4.1.42

Last updatedMar 9, 2015

PHP min version

Downloads3K

Community Trust

Rating80/100

Number of ratings1

Active installs30

Alternatives

Pocket WP Alternatives

BuddyMenu BuddyLinks

buddymenu-buddylinks

BuddyPress BuddyLinks does three things really well:

60 No CVEs

VN Links

vn-links

Manage external links and display links as dropdown in a single widget or block. One of most required feature for all government sites in Vietnam.

0 No CVEs

Contact Form by BestWebSoft – Advanced WP Contact Form Builder for WordPress

contact-form-plugin

The most powerful and user-friendly WordPress contact form plugin. Create beautiful contact forms, widgets and pages using shortcodes.

30K 10 CVEs

Apollo13 Framework Extensions

apollo13-framework-extensions

Adds custom post types, shortcodes and some features that are used in themes built on Apollo13 Framework.

20K 6 CVEs

Kaya QR Code Generator

kaya-qr-code-generator

Generate QR Code through Widgets and Shortcodes, without any dependencies.

20K 2 CVEs

Developer Profile

Pocket WP Developer Profile

ciaranm

1 plugin · 30 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Pocket WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pocket-wp/style.css

Version Parameters

pocket-wp/style.css?ver=

HTML / DOM Fingerprints

Shortcode Output

[pocket_links][pocket_links count="[pocket_links excerpt="[pocket_links tag="

FAQ