PRIMER by chloédigital Security & Risk Analysis

wordpress.org/plugins/primer-by-chloedigital

The best plugin to help grow your organic traffic via product-based images. Start making your images discoverable through product searches.

60 active installs · v1.0.25 · Updated Aug 18, 2020
Tags: schema, schema-org, search-engine-optimization, seo, wordpress
Score: 63 (C · Use Caution)
CVEs total: 1
Unpatched: 1
Last CVE: Dec 29, 2025
Safety Verdict

Is PRIMER by chloédigital Safe to Use in 2026?

Use With Caution

Score 63/100

PRIMER by chloédigital has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Dec 29, 2025 · Updated 5yr ago
Risk Assessment

The "primer-by-chloedigital" plugin v1.0.25 presents a significant security risk due to multiple unprotected AJAX handlers and a concerning lack of proper output escaping and input sanitization. The static analysis reveals a substantial attack surface with all three identified entry points (AJAX handlers) lacking authentication checks. Furthermore, only a small percentage of SQL queries use prepared statements, and a similarly low percentage of output is properly escaped, indicating potential for SQL injection and cross-site scripting vulnerabilities. The presence of dangerous functions like `create_function` adds to the overall insecurity. The vulnerability history, including a known medium severity Cross-site Scripting (XSS) vulnerability that is currently unpatched, reinforces these concerns. While the absence of file operations and external HTTP requests is a positive sign, the current security posture is weak, requiring immediate attention to address the identified risks.

Key Concerns

  • Unprotected AJAX handlers
  • Low percentage of properly escaped output
  • Low percentage of prepared SQL statements
  • Unpatched Medium severity CVE
  • Use of dangerous function create_function
  • No capability checks on entry points
  • Flows with unsanitized paths
Vulnerabilities: 1

PRIMER by chloédigital Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-68873 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PRIMER by chloédigital <= 1.0.25 - Reflected Cross-Site Scripting

Dec 29, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

PRIMER by chloédigital Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 13 (2 prepared)
Unescaped Output: 28 (5 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Dangerous Functions Found

create_function · admin\inc\post-options.php:587
$gallery_data[$key]['alt_image_ids'] = array_filter( $data['alt_image_ids'], create_function('$value

create_function · admin\inc\post-options.php:597
$gallery_data[$key]['products'] = array_filter( $data['products'], create_function('$value', 'return

SQL Query Safety

13% prepared · 15 total queries

Output Escaping

15% escaped · 33 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
save_primer_data (admin\inc\save-global-data.php:4)
Attack Surface: 3 unprotected

PRIMER by chloédigital Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers 3

auth · wp_ajax_primer_dismiss_notification_handler · admin\inc\notifications.php:3
auth · wp_ajax_primer_show_later_notification_handler · admin\inc\notifications.php:8
auth · wp_ajax_primer_get_image · admin\inc\save-global-data.php:129
WordPress Hooks 20
action · admin_notices · admin\inc\notifications.php:43
action · admin_head-post.php · admin\inc\post-options.php:3
action · admin_head-post-new.php · admin\inc\post-options.php:4
action · save_post · admin\inc\post-options.php:5
action · add_meta_boxes · admin\inc\post-options.php:6
action · save_post_location · admin\inc\post-options.php:7
action · admin_post_nopriv_save_primer_data · admin\inc\save-global-data.php:125
action · admin_post_save_primer_data · admin\inc\save-global-data.php:126
action · plugins_loaded · includes\class-primer-by-chloedigital.php:142
action · admin_enqueue_scripts · includes\class-primer-by-chloedigital.php:157
action · admin_enqueue_scripts · includes\class-primer-by-chloedigital.php:158
action · admin_menu · includes\class-primer-by-chloedigital.php:161
filter · manage_posts_columns · includes\class-primer-by-chloedigital.php:165
action · manage_posts_custom_column · includes\class-primer-by-chloedigital.php:166
action · upgrader_process_complete · includes\class-primer-by-chloedigital.php:167
action · upgrader_process_complete · includes\class-primer-by-chloedigital.php:168
action · wp_enqueue_scripts · includes\class-primer-by-chloedigital.php:183
action · wp_enqueue_scripts · includes\class-primer-by-chloedigital.php:184
action · wp_head · includes\class-primer-by-chloedigital.php:185
action · admin_notices · primer-by-chloedigital.php:72
Maintenance & Trust

PRIMER by chloédigital Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.4.19
Last updated: Aug 18, 2020
PHP min version
Downloads: 4K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 60
Developer Profile

PRIMER by chloédigital Developer Profile

chloédigital

1 plugin · 60 total installs

Trust score: 68
Avg Security Score: 63/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect PRIMER by chloédigital

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/primer-by-chloedigital/admin/css/primer-by-chloedigital-admin.css
/wp-content/plugins/primer-by-chloedigital/admin/js/primer-by-chloedigital-admin.js
/wp-content/plugins/primer-by-chloedigital/admin/js/admin-scripts.js
/wp-content/plugins/primer-by-chloedigital/admin/js/jquery.validate.min.js
Script Paths
admin/js/primer-by-chloedigital-admin.js
admin/js/admin-scripts.js
admin/js/jquery.validate.min.js
Version Parameters
primer-by-chloedigital/admin/css/primer-by-chloedigital-admin.css?ver=
primer-by-chloedigital/admin/js/primer-by-chloedigital-admin.js?ver=
primer-by-chloedigital/admin/js/jquery.validate.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
primer-settings-message
primer_check_settings_message
primer_message_submark_container
primer_message_submark
Data Attributes
dashicons-primer-mark-wht
JS Globals
PBCD_PLUGIN_VERSION
FAQ

Frequently Asked Questions about PRIMER by chloédigital