Poetry Security & Risk Analysis

wordpress.org/plugins/poetry

This Widget will show random poems from 50 poets, obtained from mypoeticside.com

10 active installs v1.1 PHP + WP 2.7.0+ Updated Feb 18, 2013
literaturepoemspoetrypoets
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Safety Verdict

Is Poetry Safe to Use in 2026?

Generally Safe

Score 85/100

Poetry has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago
Risk Assessment

The 'poetry' plugin v1.1 presents a mixed security posture. On the positive side, the plugin demonstrates excellent security hygiene by having no known CVEs and no recorded vulnerabilities. The static analysis also shows a clean slate regarding dangerous functions, SQL injection risks, file operations, and taint flows. This indicates a strong foundation in common vulnerability avoidance.

However, significant concerns arise from the output escaping and capability check signals. The fact that 0% of the 160 output operations are properly escaped is a critical weakness. This means user-supplied data or dynamic content displayed by the plugin is likely vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the complete absence of capability checks on any potential entry points (even though the attack surface appears minimal) leaves the plugin vulnerable to unauthorized actions if new entry points are discovered or if existing ones are implicitly exposed through external HTTP requests.

In conclusion, while the plugin has avoided historical vulnerabilities and common pitfalls like raw SQL, the critical lack of output escaping and absence of capability checks represent serious security gaps. These weaknesses could be exploited to perform XSS attacks and potentially unauthorized actions, significantly undermining the plugin's overall security. The single external HTTP request also warrants scrutiny, especially given the lack of permission checks.

Key Concerns

  • No output escaping detected
  • No capability checks on entry points
  • External HTTP request without checks
Vulnerabilities
None known

Poetry Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Poetry Release Timeline

v1.1Current
v1.0
Code Analysis
Analyzed Apr 16, 2026

Poetry Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
160
0 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
1
Bundled Libraries
0

Output Escaping

0% escaped160 total outputs
Attack Surface

Poetry Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 1
actionwidgets_initpoetry.php:598
Maintenance & Trust

Poetry Maintenance & Trust

Maintenance Signals

WordPress version tested3.5.2
Last updatedFeb 18, 2013
PHP min version
Downloads3K

Community Trust

Rating60/100
Number of ratings1
Active installs10
Developer Profile

Poetry Developer Profile

Julian Yanover

5 plugins · 90 total installs

88
trust score
Avg Security Score
91/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Poetry

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes
random-poem
FAQ

Frequently Asked Questions about Poetry