
Poetry Security & Risk Analysis
wordpress.org/plugins/poetryThis Widget will show random poems from 50 poets, obtained from mypoeticside.com
Is Poetry Safe to Use in 2026?
Generally Safe
Score 85/100Poetry has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The 'poetry' plugin v1.1 presents a mixed security posture. On the positive side, the plugin demonstrates excellent security hygiene by having no known CVEs and no recorded vulnerabilities. The static analysis also shows a clean slate regarding dangerous functions, SQL injection risks, file operations, and taint flows. This indicates a strong foundation in common vulnerability avoidance.
However, significant concerns arise from the output escaping and capability check signals. The fact that 0% of the 160 output operations are properly escaped is a critical weakness. This means user-supplied data or dynamic content displayed by the plugin is likely vulnerable to Cross-Site Scripting (XSS) attacks. Furthermore, the complete absence of capability checks on any potential entry points (even though the attack surface appears minimal) leaves the plugin vulnerable to unauthorized actions if new entry points are discovered or if existing ones are implicitly exposed through external HTTP requests.
In conclusion, while the plugin has avoided historical vulnerabilities and common pitfalls like raw SQL, the critical lack of output escaping and absence of capability checks represent serious security gaps. These weaknesses could be exploited to perform XSS attacks and potentially unauthorized actions, significantly undermining the plugin's overall security. The single external HTTP request also warrants scrutiny, especially given the lack of permission checks.
Key Concerns
- No output escaping detected
- No capability checks on entry points
- External HTTP request without checks
Poetry Security Vulnerabilities
Poetry Release Timeline
Poetry Code Analysis
Output Escaping
Poetry Attack Surface
WordPress Hooks 1
Maintenance & Trust
Poetry Maintenance & Trust
Maintenance Signals
Community Trust
Poetry Alternatives
Reusable Content Blocks
reusable-content-blocks
Reusable Content Blocks plugin allows you to insert contents (pages, posts, custom post types) created with WPBakery Page Builder into other contents, …
Lineate
lineate
Lineate provides simple shortcodes for formatting poetry in the WordPress editor.
Lyrics
lyrics-block
Add lyrics to your WordPress posts and pages.
Read a Poem – Month by Month
read-a-poem-month-by-month
Use this plugin to display dynamic fresh post content (poems) each month. Could be used for inspirational quotes or any monthly message.
Poetry Developer Profile
5 plugins · 90 total installs
How We Detect Poetry
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
HTML / DOM Fingerprints
random-poem