Requirements Checklist Security & Risk Analysis
wordpress.org/plugins/post-type-requirements-checklistAllows admins to require content to be entered before a page/post can be published.
Is Requirements Checklist Safe to Use in 2026?
Generally Safe
Score 85/100Requirements Checklist has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The post-type-requirements-checklist plugin v2.4 presents a generally positive security posture based on the static analysis. The absence of identified AJAX handlers, REST API routes, shortcodes, and cron events significantly limits its attack surface. Furthermore, the code analysis shows no instances of dangerous functions, file operations, or external HTTP requests, which are common vectors for exploitation. The use of prepared statements for the single SQL query indicates good practice in preventing SQL injection.
However, a significant concern arises from the output escaping metric, with only 1% of 105 outputs being properly escaped. This indicates a high potential for Cross-Site Scripting (XSS) vulnerabilities, as user-supplied data or data processed by the plugin could be rendered directly in the browser without sufficient sanitization, allowing attackers to inject malicious scripts.
The plugin's vulnerability history is clean, with no recorded CVEs, which is a strong positive indicator. This suggests a history of responsible development and timely patching. The lack of taint flows also points to a well-written codebase that likely handles data flow securely internally. Despite the concerning output escaping, the overall lack of critical code signals and a clean vulnerability history, combined with a minimal attack surface, leads to a conclusion that while immediate critical threats are not apparent from this analysis, the XSS risk due to poor output escaping requires attention.
Key Concerns
- Low percentage of properly escaped output
Requirements Checklist Security Vulnerabilities
Requirements Checklist Release Timeline
Requirements Checklist Code Analysis
SQL Query Safety
Output Escaping
Requirements Checklist Attack Surface
WordPress Hooks 9
Maintenance & Trust
Requirements Checklist Maintenance & Trust
Maintenance Signals
Community Trust
Requirements Checklist Alternatives
System Requirements Check
system-requirements-check
Checks for the specified version of the operating systems, web browsers, screen resolution, IP address, Flash Player, JRE, cookie, and Javascript.
Travel Buddy
travel-buddy
Visa Requirements Widget Plugin
Is Your Server Ready for WordPress 3.5
is-your-server-ready-for-wordpress-32
Is your site ready for WordPress 3.5? If your not sure your web server meets the minimum requirements for 3.5 this plugin will let you know.
GDPR READY ADVICE
gdpr-ready-advice
Really simple free and responsive widget for your site. Show a tiny banner in your footer to let visitors know that your site is GDPR compliant.
Wagering Requirement Calculator
wagering-requirement-calculator
The wagering requirement calculator is made to help casino players calculate the bonus wagering requirement before claiming it.
Requirements Checklist Developer Profile
2 plugins · 1K total installs
How We Detect Requirements Checklist
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/post-type-requirements-checklist/css/aptrc.cssHTML / DOM Fingerprints
reqcb<!--
* Post Type Requirements Checklist.
*
* Help Clients Help Themselves
*
* @package Post_Type_Requirements_Checklist
* @author Dave Winter (dave@dauid.us)
* @license GPL-2.0+
* @link http://dauid.us
* @copyright 2014 dauid.us
--><!--
*
* The code below is intended to to give the lightest footprint possible.
--><!--
* Title
*
* @since 1.0
-->name="title_checkbox"onclick="return false;"onkeydown="return false;"name="title_checkbox"type="checkbox"name="title_checkbox"+2 moreaptrc