Publir – Holistic Revenue Engine (HRE) Security & Risk Analysis

wordpress.org/plugins/publir-ump

Seamlessly monetize your WordPress site with optimized ads and premium subscriptions — no code required.

10 active installs · v1.3.2 · PHP 5.2.4+ · WP 4.6+ · Updated Nov 12, 2025
Tags: ad-manager, adblock-recovery, ads, adsense, subscriptions
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Publir – Holistic Revenue Engine (HRE) Safe to Use in 2026?

Generally Safe

Score 100/100

Publir – Holistic Revenue Engine (HRE) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 4mo ago
Risk Assessment

The publir-ump plugin, version 1.3.2, exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, which are critical for preventing common web vulnerabilities. It also has no recorded vulnerability history, suggesting a generally stable codebase. However, a significant concern arises from the attack surface. The plugin exposes 18 AJAX handlers that lack any authentication checks. This means that any unauthenticated user could potentially trigger these AJAX actions, leading to serious security risks if these handlers perform sensitive operations or are susceptible to other vulnerabilities not immediately apparent in the static analysis.

The static analysis reveals no dangerous functions, critical taint flows, or SQL queries without prepared statements. This indicates a lack of direct code-level vulnerabilities in these specific areas. The absence of bundled libraries also removes the risk associated with outdated dependencies. Despite the strong adherence to secure coding practices in SQL and output handling, the substantial number of unprotected AJAX endpoints represents a critical weakness that could be exploited to compromise the site. The plugin's vulnerability history is clean, which is a positive indicator, but it does not negate the immediate risks posed by the exposed AJAX handlers.

In conclusion, while publir-ump implements good security measures regarding database queries and output sanitization, the significant number of unprotected AJAX handlers presents a substantial risk. This could allow for unauthorized actions or information disclosure if these handlers are not intrinsically secured by other means. The plugin's lack of historical vulnerabilities is reassuring, but the current attack surface requires immediate attention to secure these entry points. A balanced assessment shows strengths in core secure coding practices but a critical weakness in access control for its AJAX functionality.

Key Concerns

  • Unprotected AJAX handlers
Vulnerabilities
None known

Publir – Holistic Revenue Engine (HRE) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Publir – Holistic Revenue Engine (HRE) Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (109 escaped)
Nonce Checks: 1
Capability Checks: 1
File Operations: 6
External Requests: 13
Bundled Libraries: 0

Output Escaping

100% escaped · 109 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
publir_ilc_load_settings_page (settings.php:51)
[Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
18 unprotected

Publir – Holistic Revenue Engine (HRE) Attack Surface

Entry Points: 25
Unprotected: 18

AJAX Handlers 18

auth wp_ajax_publir_login_action ump.php:341
nopriv wp_ajax_publir_login_action ump.php:342
auth wp_ajax_publir_update_password_action ump.php:460
nopriv wp_ajax_publir_update_password_action ump.php:461
auth wp_ajax_publir_display_name_action ump.php:543
nopriv wp_ajax_publir_display_name_action ump.php:544
auth wp_ajax_publir_check_email_action ump.php:614
nopriv wp_ajax_publir_check_email_action ump.php:615
auth wp_ajax_publir_cancel_subscription_action ump.php:669
nopriv wp_ajax_publir_cancel_subscription_action ump.php:670
auth wp_ajax_publir_stripe_payment_action ump.php:816
nopriv wp_ajax_publir_stripe_payment_action ump.php:817
auth wp_ajax_publir_stripe_update_card_action ump.php:952
nopriv wp_ajax_publir_stripe_update_card_action ump.php:953
auth wp_ajax_publir_logout_publir ump.php:1090
nopriv wp_ajax_publir_logout_publir ump.php:1091
nopriv wp_ajax_publir_adblock_pAnalytics_callback_action ump.php:1116
auth wp_ajax_publir_adblock_pAnalytics_callback_action ump.php:1117

Shortcodes 7

[publir_login] ump.php:14
[publir_update_password] ump.php:57
[publir_update_display_name] ump.php:97
[publir_reset_password] ump.php:128
[publir_cancel_subscription] ump.php:159
[publir_register] ump.php:200
[publir_update_card] ump.php:295

WordPress Hooks 13

action wp_enqueue_scripts functions.php:39
filter script_loader_tag functions.php:69
action wp_enqueue_scripts functions.php:95
action init functions.php:97
filter theme_page_templates functions.php:133
filter template_include functions.php:151
action wp_body_open functions.php:179
action admin_menu options.php:14
action admin_init options.php:15
action admin_menu options.php:65
filter upload_dir options.php:162
action init settings.php:7
action admin_menu settings.php:8
Maintenance & Trust

Publir – Holistic Revenue Engine (HRE) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Nov 12, 2025
PHP min version: 5.2.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Publir – Holistic Revenue Engine (HRE) Developer Profile

publirump

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Publir – Holistic Revenue Engine (HRE)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/publir-ump/assets/loader.gif

HTML / DOM Fingerprints

CSS Classes
publir-login-form, publirump-login, publirump-login-response, publirump-login-button, publir-login-loader, publir-update-pass, pblr-update-response, publir-update-pass-img (+7 more)
Data Attributes
id="login-form", id="update-pass", id="update-displayname", id="reset-form", id="cancel-form"
REST Endpoints
publir_login_action, publir_update_password_action, publir_display_name_action, publir_check_email_action, publir_cancel_subscription
Shortcode Output
<h3><?php _e(esc_attr($options['publir_subs_programming']));?> Subscription</h3><p>Thank you for subscribing</p><p>Need to change your access code or update your card? For your security, please <a href="javascript:void(0);" id="logout-publir">re-login</a> to update your account.</p><h3><?php _e(esc_attr($options['publir_subs_programming']));?> Sign-in</h3>