Does Protos TOC Generator have any unpatched vulnerabilities?

No. All known vulnerabilities in Protos TOC Generator have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Protos TOC Generator compatible with WordPress 6.9.4?

According to WordPress.org data, Protos TOC Generator 2.8 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Protos TOC Generator compatible with PHP 7.2+?

Protos TOC Generator requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Protos TOC Generator updated?

Protos TOC Generator was last updated on Unknown. Frequent updates are generally a positive security signal.

What is Protos TOC Generator's security score?

Protos TOC Generator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Protos TOC Generator Security & Risk Analysis

wordpress.org/plugins/protos-toc-generator

Auto-generates a floating or inline table of contents with anchor links based on headings in your post. Improves readability and SEO.

0 active installs v2.8 PHP 7.2+ WP 5.0+ Updated Unknown

headingsnavigationseotable-of-contentstoc

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Protos TOC Generator Safe to Use in 2026?

Generally Safe

Score 100/100

Protos TOC Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The plugin "protos-toc-generator" v2.8 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The absence of dangerous functions, reliance on prepared statements for all SQL queries, and a high percentage of properly escaped output are positive indicators. The presence of nonce checks and the limited attack surface, with no unprotected entry points, further contribute to its secure design.

However, a significant area for improvement lies in the complete absence of capability checks for its single AJAX handler. While nonce checks are present, they are not a substitute for proper authorization checks to ensure only users with the necessary permissions can interact with this entry point. The lack of taint analysis results is also a slight concern, suggesting either no such analysis was performed or it yielded no findings; a comprehensive security audit would typically include taint analysis to identify potential data flow vulnerabilities.

With no recorded vulnerabilities, the plugin has a commendable track record. This suggests consistent developer attention to security. Nevertheless, the absence of capability checks remains a notable weakness that could be exploited if other security measures fail. In conclusion, while the plugin is built on good security foundations and has no known exploits, the missing capability checks on its AJAX handler represent a quantifiable risk that should be addressed.

Key Concerns

Missing capability checks on AJAX handler

Vulnerabilities

None known

Protos TOC Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

Protos TOC Generator Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

15 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped16 total outputs

Attack Surface

Protos TOC Generator Attack Surface

Entry Points1

Unprotected0

AJAX Handlers 1

authwp_ajax_prottoge_send_feedbackincludes\prottoge-class-protos-deactivate.php:35

WordPress Hooks 7

filterthe_contentprotos-toc-generator.php:30

actionwp_enqueue_scriptsprotos-toc-generator.php:31

actionadmin_menuprotos-toc-generator.php:32

actionadmin_initprotos-toc-generator.php:33

actionadmin_enqueue_scriptsprotos-toc-generator.php:34

actionadmin_footerprotos-toc-generator.php:35

actionadmin_enqueue_scriptsprotos-toc-generator.php:36

Maintenance & Trust

Protos TOC Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedUnknown

PHP min version7.2

Downloads401

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Protos TOC Generator Alternatives

LuckyWP Table of Contents

luckywp-table-of-contents

Creates SEO-friendly table of contents for your posts/pages. Works automatically or manually (via shortcode, Gutenberg block or widget).

100K 5 CVEs

Heroic Table of Contents

heroic-table-of-contents

100

Heroic Table of Contents is the easiest way to add a table of contents to your site.

5K No CVEs

Table Of Contents Block

wpwing-table-of-contents-block

100

Adds a custom Table of Contents block.

10 No CVEs

Anik Smart Table of Contents

anik-smart-table-of-contents

100

A lightweight, SEO-friendly Table of Contents plugin that automatically generates TOC from your headings with smooth scroll and collapsible features.

0 No CVEs

Developer Profile

Protos TOC Generator Developer Profile

Protos Software

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Protos TOC Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/protos-toc-generator/prottoge-style.css/wp-content/plugins/protos-toc-generator/prottoge-toc-scroll.js

HTML / DOM Fingerprints

CSS Classes

prottoge-tocprottoge-toc-toggleprottoge-list-iconprottoge-toc-contenttoc-level-1toc-level-2toc-level-3toc-level-4+3 more

HTML Comments

27-10-2025 BUTTON HTML

Data Attributes

aria-expandedaria-controlsid="prottoge-toc-list"

JS Globals

prottoge-toc-toggleprottoge-tocprottoge-toc-contentprottoge-toc-list

FAQ