Does QS Core Modules have any unpatched vulnerabilities?

No. All known vulnerabilities in QS Core Modules have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is QS Core Modules compatible with WordPress 6.8.5?

According to WordPress.org data, QS Core Modules 1.0.16 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is QS Core Modules compatible with PHP 7.0+?

QS Core Modules requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is QS Core Modules updated?

QS Core Modules was last updated on Unknown. Frequent updates are generally a positive security signal.

What is QS Core Modules's security score?

QS Core Modules has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

QS Core Modules Security & Risk Analysis

wordpress.org/plugins/qs-core-modules

A very lightweight plugin to add core functionality that every WordPress install needs.

0 active installs v1.0.16 PHP 7.0+ WP 5.0+ Updated Unknown

disable-xmlrpc-and-wp-jsonheader-and-footer-scriptslimit-login-attemptsmaintenance-moderemove-version

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is QS Core Modules Safe to Use in 2026?

Generally Safe

Score 100/100

QS Core Modules has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs

Risk Assessment

The "qs-core-modules" v1.0.16 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any known CVEs, critical or high-severity taint flows, and a high percentage of properly escaped output are all positive indicators. The use of prepared statements for all SQL queries further strengthens its security. The limited attack surface, with only one shortcode and no unprotected entry points, is also commendable. The plugin demonstrates good practices in several areas, including nonce and capability checks.

However, the analysis does highlight a couple of areas for potential concern. The presence of file operations, while not explicitly flagged as problematic, warrants attention as such operations can sometimes introduce vulnerabilities if not handled with extreme care. The limited number of capability checks (one) combined with the presence of file operations might suggest potential areas for privilege escalation if not thoroughly validated. While the vulnerability history is clean, indicating a lack of past issues, this does not guarantee future safety. Continuous vigilance and updates are still crucial.

In conclusion, "qs-core-modules" v1.0.16 appears to be a relatively secure plugin, demonstrating good development practices. Its strengths lie in its clean vulnerability history, secure SQL handling, and limited attack surface. The main areas for attention are the file operations and the relatively low number of capability checks, which, while not directly indicating a vulnerability, represent potential attack vectors that should be carefully reviewed.

Key Concerns

File operations present
Low number of capability checks

Vulnerabilities

None known

QS Core Modules Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

QS Core Modules Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

49 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

94% escaped52 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

settings_page (admin\settings-page.php:37)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

QS Core Modules Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[QSCM42_AddPHP] includes\modules\QSCM42_AddPHP\QSCM42_AddPHP.php:31

WordPress Hooks 35

actionadmin_menuadmin\settings-page.php:19

actionadmin_enqueue_scriptsadmin\settings-page.php:32

actionadmin_menuincludes\modules\QSCM42_AddHeadAndFoot\QSCM42_AddHeadAndFoot.php:17

actionwp_headincludes\modules\QSCM42_AddHeadAndFoot\QSCM42_AddHeadAndFoot.php:18

actionwp_footerincludes\modules\QSCM42_AddHeadAndFoot\QSCM42_AddHeadAndFoot.php:19

actionadmin_menuincludes\modules\QSCM42_AddPHP\QSCM42_AddPHP.php:32

actionadmin_initincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:20

actionwp_login_failedincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:21

actionwp_loginincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:22

filterwp_authenticate_userincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:23

actionadmin_menuincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:24

actionwp_enqueue_scriptsincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:26

actionadmin_enqueue_scriptsincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:27

actionlogin_enqueue_scriptsincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:30

actionlogin_footerincludes\modules\QSCM42_LimitLogins\QSCM42_LimitLogins.php:31

actionadmin_menuincludes\modules\QSCM42_MaintMode\QSCM42_MaintMode.php:15

actionadmin_initincludes\modules\QSCM42_MaintMode\QSCM42_MaintMode.php:16

actiontemplate_redirectincludes\modules\QSCM42_MaintMode\QSCM42_MaintMode.php:18

actionadmin_menuincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:22

actionadmin_initincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:23

actionxmlrpc_callincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:25

actioninitincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:27

actionrest_api_initincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:28

filterstyle_loader_srcincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:31

filterscript_loader_srcincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:34

filterwp_revisions_to_keepincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:36

filterthe_generatorincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:189

filterrest_indexincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:194

filtertiny_mce_pluginsincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:208

filteremoji_svg_urlincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:213

filterxmlrpc_enabledincludes\modules\QSCM42_RemoveVersions\QSCM42_RemoveVersions.php:217

actionadmin_noticesQS-Core-Modules.php:27

actionwp_enqueue_scriptsQS-Core-Modules.php:43

actionadmin_enqueue_scriptsQS-Core-Modules.php:44

actionplugins_loadedQS-Core-Modules.php:62

Maintenance & Trust

QS Core Modules Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedUnknown

PHP min version7.0

Downloads486

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

QS Core Modules Alternatives

Maintenance

maintenance

100

Great looking maintenance, coming soon & under construction pages. Put your site under maintenance in minutes.

1.0M 1 CVE

Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode

coming-soon

Easy Drag & Drop Page Builder. A complete solution to create a WordPress Website, Custom Themes, Landing Pages, Coming Soon & Maintenance Mode Pages.

700K 1 unpatched

LightStart – Maintenance Mode, Coming Soon and Landing Page Builder

wp-maintenance-mode

Easy Drag & Drop Page Builder that adds a splash page to your site that it's perfect for a coming soon page, maintenance or landing page.

500K 6 CVEs

Password Protected — Lock Entire Site, Pages, Posts, Categories, and Partial Content

password-protected

Protect your WordPress site, pages, posts, WooCommerce products, and categories with single or multiple passwords.

300K 5 CVEs

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

cmp-coming-soon-maintenance

Beautiful Coming soon, Maintenance or Landing page on your website, packed with premium features for free.

200K 6 CVEs

Developer Profile

QS Core Modules Developer Profile

Quantum Slice Corporation

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect QS Core Modules

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/qs-core-modules/QSCM42_LimitLogins.js

Script Paths