Pterotype Security & Risk Analysis

wordpress.org/plugins/pterotype

Pterotype expands your audience by giving your blog an ActivityPub stream, making it a part of the Fediverse.

10 active installs · v1.4.3 · PHP 5.6.0+ · WP 4.9.8+ · Updated Mar 15, 2019
Tags: activitypub, federation, fediverse
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Pterotype Safe to Use in 2026?

Generally Safe

Score 85/100

Pterotype has no known CVEs, but it has not been updated since March 2019 (last tested against WordPress 5.1.22), and the code analysis below finds no nonce checks, no capability checks and no escaped output. The score reflects the absence of reported vulnerabilities rather than a clean code review, so confirm the plugin still works on a current WordPress release and read the risk assessment before relying on it.

No known CVEs · Updated 7 yr ago
Risk Assessment

Pterotype v1.4.3 has no history of known vulnerabilities and uses prepared statements for 58 of its 78 SQL queries, but the static analysis shows a large entry surface with no authorization or escaping around it. All 10 REST API routes are reported as unprotected, and the analysis found no nonce or capability checks anywhere in the plugin. Some of that exposure is inherent to ActivityPub: the actor, outbox (GET), followers, following, object, likes and shares documents are meant to be publicly readable, and a remote server must be able to POST to the inbox without holding a WordPress account. The checks that matter are whether the POST outbox route (client-to-server publishing as the actor) requires an authenticated owner, and whether the POST inbox route verifies the sender's HTTP Signature before acting on the delivered activity; the report shows no capability check on any route and records no signature verification. Of the 11 output points found, none pass through an escaping function such as esc_html() or esc_attr(), which is the usual precondition for stored or reflected Cross-Site Scripting (XSS) wherever one of those outputs echoes attacker-influenced data. Taint analysis also reports one flow with an unsanitized path through handle_non_api_requests (includes\server\api.php:140); "path" here is the taint-flow path from source to sink, not a filesystem path, and the plugin performs no file operations, so the concern is an unvalidated request value reaching a sensitive sink rather than file system manipulation. Overall, the plugin's security posture is weak because of the number of entry points exposed without authorization or sanitization, despite the absence of historical CVEs.

Key Concerns

  • 10 unprotected REST API routes (all 10 entry points; the POST outbox and POST inbox routes accept writes)
  • 0% properly escaped output (0 of 11 outputs)
  • 1 data flow with an unsanitized path (handle_non_api_requests, includes\server\api.php:140)
  • No nonce checks
  • No capability checks
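The routes listed in the attack surface below can be registered with permission callbacks that separate the reads ActivityPub requires to be public from the two POST routes that need a real check. What follows is an added example written for this page, not Pterotype's own code: the handler names prefixed pte_example_, the pterotype_actor_slug user meta key that maps an actor slug to its owning user, and the pte_example_fetch_public_key helper that resolves a keyId to a PEM public key are all assumptions.

```php
<?php
// Added example, not Pterotype's code: the ten routes re-registered with
// permission callbacks. Names prefixed pte_example_ are hypothetical, as is the
// 'pterotype_actor_slug' user meta key used to map an actor slug to its owner.

add_action( 'rest_api_init', function () {
    $ns    = 'pterotype/v1';
    $actor = '/actor/(?P<actor>[a-zA-Z0-9_-]+)';

    // Public reads. ActivityPub requires these documents to be fetchable without
    // credentials, so a permission callback of __return_true is the correct answer;
    // the same applies to the GET object, likes and shares routes (omitted here).
    foreach ( array( '', '/outbox', '/followers', '/following' ) as $suffix ) {
        register_rest_route( $ns, $actor . $suffix, array(
            'methods'             => 'GET',
            'callback'            => 'pte_example_read',        // hypothetical handler
            'permission_callback' => '__return_true',
        ) );
    }

    // Client-to-server POST to the outbox publishes as the actor: require the
    // logged-in WordPress user that owns it. With cookie auth WordPress only sets the
    // current user when a valid X-WP-Nonce header is present, so this also covers CSRF.
    register_rest_route( $ns, $actor . '/outbox', array(
        'methods'             => 'POST',
        'callback'            => 'pte_example_post_outbox',     // hypothetical handler
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( ! current_user_can( 'edit_posts' ) ) {
                return new WP_Error( 'rest_forbidden', 'Login required', array( 'status' => 401 ) );
            }
            $owner = get_user_meta( get_current_user_id(), 'pterotype_actor_slug', true );
            return ( $owner === $request['actor'] )
                ? true
                : new WP_Error( 'rest_forbidden', 'Not your actor', array( 'status' => 403 ) );
        },
    ) );

    // Server-to-server POST to the inbox is unauthenticated by design, but the delivery
    // must carry a valid HTTP Signature from the remote actor before the handler runs.
    register_rest_route( $ns, $actor . '/inbox', array(
        'methods'             => 'POST',
        'callback'            => 'pte_example_receive',         // hypothetical handler
        'permission_callback' => 'pte_example_verify_http_signature',
    ) );
} );

/** Verify a draft-cavage HTTP Signature (the scheme used for ActivityPub delivery). */
function pte_example_verify_http_signature( WP_REST_Request $request ) {
    $deny = function ( $msg ) { return new WP_Error( 'rest_forbidden', $msg, array( 'status' => 401 ) ); };

    $params = array();  // keyId="...",algorithm="...",headers="...",signature="..."
    preg_match_all( '/(\w+)="([^"]*)"/', (string) $request->get_header( 'signature' ), $m, PREG_SET_ORDER );
    foreach ( $m as $kv ) { $params[ $kv[1] ] = $kv[2]; }
    if ( empty( $params['keyId'] ) || empty( $params['signature'] ) ) {
        return $deny( 'Missing or malformed Signature header' );
    }

    // Insist that the signature covers the target, host, date and body digest; a
    // signature over Date alone can be replayed against any path with any body.
    $names = explode( ' ', isset( $params['headers'] ) ? $params['headers'] : '' );
    foreach ( array( '(request-target)', 'host', 'date', 'digest' ) as $required ) {
        if ( ! in_array( $required, $names, true ) ) {
            return $deny( "Signature must cover $required" );
        }
    }

    // Rebuild the signing string exactly as the sender did: one "name: value" line per
    // listed header, (request-target) being the lower-cased method and the request path.
    $lines = array();
    foreach ( $names as $name ) {
        if ( '(request-target)' === $name ) {
            $path    = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
            $lines[] = '(request-target): ' . strtolower( $request->get_method() ) . ' ' . $path;
        } elseif ( null === ( $value = $request->get_header( $name ) ) ) {
            return $deny( "Signed header $name is absent" );
        } else {
            $lines[] = strtolower( $name ) . ': ' . $value;
        }
    }

    // Bind the signed Digest to the body actually received, and bound clock skew.
    $digest = 'SHA-256=' . base64_encode( hash( 'sha256', $request->get_body(), true ) );
    if ( ! hash_equals( $digest, (string) $request->get_header( 'digest' ) ) ) {
        return $deny( 'Digest does not match body' );
    }
    if ( abs( time() - (int) strtotime( $request->get_header( 'date' ) ) ) > 300 ) {
        return $deny( 'Date outside the accepted window' );
    }

    // Hypothetical helper: fetch the remote actor's publicKeyPem for this keyId (cached).
    $pem = pte_example_fetch_public_key( $params['keyId'] );
    $ok  = $pem && 1 === openssl_verify( implode( "\n", $lines ), base64_decode( $params['signature'] ), $pem, OPENSSL_ALGO_SHA256 );
    return $ok ? true : $deny( 'Signature verification failed' );
}
```

Registered this way, the residual unauthenticated surface is the seven GET routes, which is the correct shape for a federating actor. The Digest and Date checks in the inbox callback are what stop a captured delivery from being replayed later or replayed with a different body; the key fetch for a previously unseen keyId is a network request to the remote instance and should be cached and rate-limited, which the hypothetical helper is assumed to do.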
Vulnerabilities
None known

Pterotype Security Vulnerabilities

No known vulnerabilities have been reported. With 10 active installs and no ratings, the plugin has had little public scrutiny, so the absence of reports says less than the code analysis below.
Code Analysis
Analyzed Mar 17, 2026

Pterotype Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 20 (58 prepared)
Unescaped Output: 11 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

74% prepared (58 of 78 total queries)

Output Escaping

0% escaped (0 of 11 total outputs)
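The three zero counts above (escaped output, nonce checks, capability checks) are easiest to read against an admin page that has all three. The following is an added example for this page, not Pterotype's code: the option names and the element ids pterotype_blog_icon, pterotype_blog_icon_image and pterotype_blog_icon_button are taken from the fingerprint section further down, while the menu slug, the decision to store the icon as an attachment ID, and everything prefixed pte_example_ are assumptions.

```php
<?php
// Added example, not Pterotype's code. Option names and the three element ids come
// from this page; the menu slug 'pterotype', the attachment-ID representation of the
// icon and everything prefixed pte_example_ are assumptions.

add_action( 'admin_init', function () {
    // A sanitize_callback runs on every save path (the form, options.php, the REST
    // settings endpoint), so raw POST data never reaches the options table.
    register_setting( 'pterotype', 'pterotype_blog_name', array(
        'type' => 'string', 'sanitize_callback' => 'sanitize_text_field',
    ) );
    register_setting( 'pterotype', 'pterotype_blog_description', array(
        'type' => 'string', 'sanitize_callback' => 'sanitize_textarea_field',
    ) );
    register_setting( 'pterotype', 'pterotype_blog_icon', array(
        'type' => 'integer', 'sanitize_callback' => 'pte_example_sanitize_icon',
    ) );
} );

// Accept only an existing image attachment ID, never a client-supplied URL.
function pte_example_sanitize_icon( $value ) {
    $id = absint( $value );
    return ( $id && wp_attachment_is_image( $id ) ) ? $id : 0;
}

add_action( 'admin_menu', function () {
    // The capability here gates the menu entry; options.php re-checks it on save.
    add_options_page( 'Pterotype', 'Pterotype', 'manage_options', 'pterotype', 'pte_example_render_settings' );
} );

function pte_example_render_settings() {
    if ( ! current_user_can( 'manage_options' ) ) {           // capability check
        wp_die( esc_html__( 'Insufficient permissions.', 'pterotype' ), 403 );
    }
    $name = get_option( 'pterotype_blog_name', '' );
    $desc = get_option( 'pterotype_blog_description', '' );
    $icon = absint( get_option( 'pterotype_blog_icon', 0 ) );
    $src  = $icon ? wp_get_attachment_image_url( $icon, 'thumbnail' ) : '';
    ?>
    <div class="wrap">
      <h1><?php echo esc_html( get_admin_page_title() ); ?></h1>
      <form method="post" action="options.php">
        <?php settings_fields( 'pterotype' ); // nonce check: emits _wpnonce, verified by options.php ?>
        <p><label for="pterotype_blog_name">Name</label>
           <input type="text" id="pterotype_blog_name" name="pterotype_blog_name"
                  value="<?php echo esc_attr( $name ); ?>"></p>
        <p><label for="pterotype_blog_description">Description</label>
           <textarea id="pterotype_blog_description" name="pterotype_blog_description"><?php echo esc_textarea( $desc ); ?></textarea></p>
        <div class="image-preview-wrapper">
          <?php if ( $src ) : ?>
            <img id="pterotype_blog_icon_image" src="<?php echo esc_url( $src ); ?>" alt="">
          <?php endif; ?>
        </div>
        <input type="hidden" id="pterotype_blog_icon" name="pterotype_blog_icon" value="<?php echo esc_attr( $icon ); ?>">
        <button type="button" class="button" id="pterotype_blog_icon_button">Choose icon</button>
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}

// A hand-rolled save via admin-post.php must do explicitly what options.php does above;
// the matching form would carry wp_nonce_field( 'pte_example_save_icon' ).
add_action( 'admin_post_pte_example_save_icon', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'pterotype' ), 403 );
    }
    check_admin_referer( 'pte_example_save_icon' );   // dies with 403 on a missing or stale nonce
    $raw = isset( $_POST['pterotype_blog_icon'] ) ? $_POST['pterotype_blog_icon'] : 0;
    update_option( 'pterotype_blog_icon', pte_example_sanitize_icon( $raw ) );
    wp_safe_redirect( admin_url( 'options-general.php?page=pterotype&settings-updated=true' ) );
    exit;
} );
```

Each echo picks the escaper for its context (esc_attr inside an attribute, esc_textarea inside a textarea, esc_url for the image source); a scanner counting escaped outputs would find five of five here, against the zero of eleven reported for the plugin. The Settings API path gets its nonce and capability checks from options.php, which is why the explicit pair only appears in the admin-post handler.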
Data Flows
1 unsanitized

Data Flow Analysis

2 flows, 1 with an unsanitized path
handle_non_api_requests (includes\server\api.php:140): user input reaches a sink with no sanitizer on the path
Attack Surface
10 unprotected

Pterotype Attack Surface

Entry Points: 10
Unprotected: 10

REST API Routes (10)

POST /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/outbox (includes\server\api.php:92)
GET /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/outbox (includes\server\api.php:97)
POST /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/inbox (includes\server\api.php:101)
GET /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/inbox (includes\server\api.php:105)
GET /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+) (includes\server\api.php:109)
GET /wp-json/pterotype/v1/object/(?P<id>[0-9]+) (includes\server\api.php:113)
GET /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/following (includes\server\api.php:117)
GET /wp-json/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)/followers (includes\server\api.php:121)
GET /wp-json/pterotype/v1/object/(?P<object>[0-9]+)/likes (includes\server\api.php:125)
GET /wp-json/pterotype/v1/object/(?P<object>[0-9]+)/shares (includes\server\api.php:129)
WordPress Hooks (23)

action rest_api_init (includes\init.php:21)
action user_register (includes\init.php:25)
action pterotype_init (includes\init.php:36)
action pterotype_load (includes\init.php:44)
action pterotype_uninstall (includes\init.php:49)
action generate_rewrite_rules (includes\init.php:53)
action parse_request (includes\init.php:55)
filter query_vars (includes\init.php:57)
filter query_vars (includes\init.php:59)
action well_known_webfinger (includes\init.php:61)
action transition_post_status (includes\init.php:63)
action transition_comment_status (includes\init.php:65)
action comment_post (includes\init.php:69)
action edit_comment (includes\init.php:71)
action template_redirect (includes\init.php:73)
action update_option_blogname (includes\init.php:75)
action update_option_blogdescription (includes\init.php:79)
action update_option_pterotype_blog_name (includes\init.php:88)
action update_option_pterotype_blog_description (includes\init.php:92)
action update_option_pterotype_blog_icon (includes\init.php:96)
action admin_menu (includes\init.php:100)
filter get_avatar (includes\init.php:106)
action setup_theme (pterotype.php:38)
Maintenance & Trust

Pterotype Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.1.22
Last updated: Mar 15, 2019
PHP min version: 5.6.0
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Pterotype Developer Profile

jdormit

1 plugin · 10 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Pterotype

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pterotype/js/icon-upload.js

HTML / DOM Fingerprints

CSS Classes
image-preview-wrapper
Data Attributes
id="pterotype_blog_icon_image", id="pterotype_blog_icon", id="pterotype_blog_icon_button"
REST Endpoints
/wp-json/pterotype/v1/actor/
/wp-json/pterotype/v1/outbox/
/wp-json/pterotype/v1/inbox/
/wp-json/pterotype/v1/object/
/wp-json/pterotype/v1/following/
/wp-json/pterotype/v1/followers/
/wp-json/pterotype/v1/likes/
/wp-json/pterotype/v1/shares/
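A passive matcher for the fingerprints above, added here as an example and not the scanner this site runs. It works on a page body and a /wp-json/ index that a crawler has already fetched, so nothing is requested from the network; the two sample inputs are constructed inline.

```php
<?php
// Added example, not the site's scanner: match the listed fingerprints against an
// already-fetched HTML body and /wp-json/ index document. Sample inputs are constructed.

function pte_example_fingerprint( $html, $wp_json_index ) {
    $hits = array();

    // 1. Asset path: any URL under the plugin directory is the strongest front-end signal.
    if ( preg_match( '#/wp-content/plugins/pterotype/[\w./-]+#', $html, $m ) ) {
        $hits['asset'] = $m[0];
    }

    // 2. DOM ids from the icon uploader; these only appear on the admin settings page,
    //    so they are useful to an authenticated audit, not to an anonymous crawl.
    foreach ( array( 'pterotype_blog_icon_image', 'pterotype_blog_icon', 'pterotype_blog_icon_button' ) as $id ) {
        if ( preg_match( '/\bid=["\']' . preg_quote( $id, '/' ) . '["\']/', $html ) ) {
            $hits['dom'][] = $id;
        }
    }

    // 3. REST namespace: GET /wp-json/ lists every registered namespace and route, so
    //    the plugin is detectable even when no asset is enqueued on the page.
    $index      = json_decode( $wp_json_index, true );
    $namespaces = ( is_array( $index ) && isset( $index['namespaces'] ) ) ? (array) $index['namespaces'] : array();
    if ( in_array( 'pterotype/v1', $namespaces, true ) ) {
        $hits['rest'] = 'pterotype/v1';
        $routes = isset( $index['routes'] ) ? array_keys( (array) $index['routes'] ) : array();
        foreach ( $routes as $route ) {
            if ( 0 === strpos( $route, '/pterotype/v1/' ) ) {
                $hits['routes'][] = $route;
            }
        }
    }
    return $hits;
}

// Constructed sample inputs: a fragment of a front page and a trimmed /wp-json/ index.
$sample_html = '<script src="https://blog.example/wp-content/plugins/pterotype/js/icon-upload.js?ver=1.4.3"></script>'
             . '<div class="image-preview-wrapper"><input type="hidden" id="pterotype_blog_icon" value="0"></div>';
$sample_index = json_encode( array(
    'namespaces' => array( 'wp/v2', 'pterotype/v1' ),
    'routes'     => array(
        '/wp/v2'                                           => array(),
        '/pterotype/v1'                                    => array(),
        '/pterotype/v1/actor/(?P<actor>[a-zA-Z0-9-_]+)'    => array(),
        '/pterotype/v1/object/(?P<id>[0-9]+)'              => array(),
    ),
) );

print_r( pte_example_fingerprint( $sample_html, $sample_index ) );
```

Two practical notes: the registered routes all nest under /actor/<slug>/ or /object/<id>/, so probing the bare paths in the REST Endpoints list (for example /wp-json/pterotype/v1/outbox/) will not hit a route; the namespace entry in the /wp-json/ index is the reliable remote check. And the icon-upload script is only enqueued on the settings page unless the plugin loads it elsewhere, so on an anonymous crawl the asset match should be treated as a possible rather than a guaranteed signal.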
FAQ

Frequently Asked Questions about Pterotype