Does Pollux have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Pollux compatible with WordPress 5.6.17?

According to WordPress.org data, Pollux 1.5.2 has been tested up to WordPress 5.6.17. Check the plugin's changelog for the latest compatibility information.

Is Pollux compatible with PHP 5.6+?

Pollux requires PHP 5.6 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Pollux updated?

Pollux was last updated on Mar 10, 2023. Frequent updates are generally a positive security signal.

What is Pollux's security score?

Pollux has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Pollux Security & Risk Analysis

wordpress.org/plugins/pollux

Pollux allows you to easily add custom Post Types, Taxonomies, Meta Boxes, Global Settings, Archive Page meta, and more...all within mere minutes.

10 active installs v1.5.2 PHP 5.6+ WP 4.7.0+ Updated Mar 10, 2023

custom-post-typescustom-taxonomiespolluxpost-typestaxonomies

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Pollux Safe to Use in 2026?

Generally Safe

Score 85/100

Pollux has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The 'pollux' plugin v1.5.2 exhibits a mixed security posture. On the positive side, it has no known vulnerabilities or CVEs, no critical or high severity taint flows, and all SQL queries are properly prepared, which are excellent indicators of secure coding practices. The plugin also performs a reasonable number of nonce and capability checks.

However, there are significant concerns regarding its attack surface and output escaping. The presence of one AJAX handler without authentication checks is a direct security risk, as it could potentially be exploited by unauthenticated users. Furthermore, a very low percentage (12%) of output escaping is a major red flag. This indicates a high probability of cross-site scripting (XSS) vulnerabilities across numerous output points within the plugin.

While the lack of historical vulnerabilities is reassuring, the low output escaping rate suggests that current security practices are insufficient. The plugin needs immediate attention to address the unauthenticated AJAX endpoint and, more critically, to implement proper output escaping for all its generated content to prevent XSS attacks. The strengths in SQL handling and lack of known CVEs are overshadowed by these critical weaknesses.

Key Concerns

AJAX handler without auth checks
Low output escaping rate (12%)

Vulnerabilities

None known

Pollux Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Pollux Release Timeline

v1.5.2Current

v1.5.1

v1.5.0

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.4

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.3

v1.0.2

v1.0.1

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

Pollux Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

9 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

12% escaped74 total outputs

Attack Surface

1 unprotected

Pollux Attack Surface

Entry Points3

Unprotected1

AJAX Handlers 3

authwp_ajax_pollux/dependency/activate_urlsrc\GateKeeper.php:39

authwp_ajax_pollux/archives/featured/htmlsrc\PostType\Archive.php:28

authwp_ajax_pollux/archives/featuredsrc\PostType\Archive.php:31

WordPress Hooks 45

actionactivated_pluginactivate.php:44

actionadmin_noticesactivate.php:45

actionplugins_loadedsrc\Application.php:59

actionadmin_enqueue_scriptssrc\Application.php:62

actionadmin_initsrc\Application.php:63

actionwp_before_admin_bar_rendersrc\Application.php:64

filteradmin_footer_textsrc\Application.php:66

filterpre_option_blog_publicsrc\Application.php:70

actionadmin_menusrc\Config\Config.php:42

actionadmin_menusrc\Config\Config.php:43

actioncurrent_screensrc\Config\Config.php:44

actionadmin_initsrc\GateKeeper.php:31

actioncurrent_screensrc\GateKeeper.php:38

actionadmin_noticessrc\GateKeeper.php:40

actioncurrent_screensrc\GateKeeper.php:41

filterrwmb_normalize_map_fieldsrc\MetaBox\MetaBox.php:39

filterrwmb_showsrc\MetaBox\MetaBox.php:40

filterrwmb_meta_boxessrc\MetaBox\MetaBox.php:41

filterrwmb_outer_htmlsrc\MetaBox\MetaBox.php:42

actionpollux/archives/initsrc\PostType\Archive.php:29

actionpollux/archives/editorsrc\PostType\Archive.php:30

filterpollux/archives/metabox/submitsrc\PostType\Archive.php:32

filterpollux/archives/show/instructionssrc\PostType\Archive.php:33

actioninitsrc\PostType\DisablePosts.php:30

actionwp_dashboard_setupsrc\PostType\DisablePosts.php:31

actionwelcome_panelsrc\PostType\DisablePosts.php:32

actionadmin_bar_menusrc\PostType\DisablePosts.php:33

actionadmin_menusrc\PostType\DisablePosts.php:34

actionadmin_initsrc\PostType\DisablePosts.php:35

actionwidgets_initsrc\PostType\DisablePosts.php:36

filterposts_resultssrc\PostType\DisablePosts.php:37

filterpre_get_postssrc\PostType\DisablePosts.php:38

actioninitsrc\PostType\PostType.php:53

actionpollux/archives/initsrc\Settings\RWMetaBox.php:25

actionpollux/settings/initsrc\Settings\RWMetaBox.php:26

filterrwmb_field_metasrc\Settings\RWMetaBox.php:27

filterrwmb_normalize_fieldsrc\Settings\RWMetaBox.php:28

actioncurrent_screensrc\Settings\Settings.php:46

actionadmin_menusrc\Settings\Settings.php:47

actionadmin_menusrc\Settings\Settings.php:48

actionadmin_print_footer_scriptssrc\Settings\Settings.php:50

actionrestrict_manage_postssrc\Taxonomy\Taxonomy.php:42

actioninitsrc\Taxonomy\Taxonomy.php:43

filterparse_querysrc\Taxonomy\Taxonomy.php:44

filtergive_load_admin_scriptsthirdparty.php:6

Maintenance & Trust

Pollux Maintenance & Trust

Maintenance Signals

WordPress version tested5.6.17

Last updatedMar 10, 2023

PHP min version5.6

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

Pollux Alternatives

Meta Box

meta-box

Meta Box plugin is a powerful, professional developer toolkit to create custom meta boxes and custom fields for your custom post types in WordPress.

500K 7 CVEs

Pods – Custom Content Types and Fields

pods

Pods is a framework for creating, managing, and deploying customized content types and fields for any project.

100K 14 CVEs

MB Custom Post Types & Custom Taxonomies

mb-custom-post-type

Create and manage custom post types and custom taxonomies with an easy-to-use UI in WordPress.

10K 1 CVE

CubeWP Framework

cubewp-framework

CubeWP is an end-to-end dynamic content framework for WordPress to help you shrink time and cut cost of development up to 90%.

4K 1 unpatched

Custom post types, Custom Fields & more

custom-post-types

Custom Post Types, Custom Fields, Custom Taxonomies, Custom Templates, Custom Admin Pages, Custom Admin Notices. Directly from the WP dashboard.

3K 3 CVEs

Developer Profile

Pollux Developer Profile

Gemini Labs

3 plugins · 61K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

427 days

View full developer profile

Detection Fingerprints

How We Detect Pollux

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/pollux/assets/main.css/wp-content/plugins/pollux/assets/codemirror.css/wp-content/plugins/pollux/assets/codemirror.js/wp-content/plugins/pollux/assets/main.js

Script Paths

/wp-content/plugins/pollux/assets/main.js/wp-content/plugins/pollux/assets/codemirror.js

Version Parameters

pollux/main.css?ver=pollux/codemirror.css?ver=pollux/codemirror.js?ver=pollux/main.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-pollux-id

JS Globals

pollux

FAQ