Required Fields Security & Risk Analysis

wordpress.org/plugins/required-fields

Required Fields can help you write your Posts and Pages without forgetting fields; if you forget something, you'll be alerted about it!

100 active installs · v1.9.5 · PHP + · WP 4.x+ · Updated Feb 7, 2018
Tags: categories, fields, required, tags, taxonomy
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Required Fields Safe to Use in 2026?

Generally Safe

Score 85/100

Required Fields has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The "required-fields" plugin v1.9.5 exhibits a generally strong security posture in terms of its attack surface and the absence of known vulnerabilities. The static analysis reveals no identifiable entry points like AJAX handlers, REST API routes, or shortcodes that could be exploited. Furthermore, there are no recorded CVEs for this plugin, suggesting a history of security maintenance or a lack of prior discovery of exploitable flaws.

However, a significant concern arises from the output escaping analysis, which indicates that 0% of the 29 identified outputs are properly escaped. This is a critical weakness, as unescaped output can lead to cross-site scripting (XSS) vulnerabilities, allowing attackers to inject malicious scripts into web pages viewed by other users. While the taint analysis shows no specific unsanitized flows, the widespread lack of output escaping presents a substantial risk that could be leveraged if any user-supplied data reaches these output points without proper sanitization.

In conclusion, while the plugin is commendable for its minimal attack surface and clean vulnerability history, the pervasive issue with output escaping is a major security concern that significantly outweighs these positives. This weakness requires immediate attention to prevent potential XSS attacks. The absence of capability checks on the single identified capability check point is also a minor concern, though its impact is limited by the lack of other exposed functionality.

Key Concerns

  • 0% of outputs properly escaped
  • No capability checks on identified capability check
Vulnerabilities
None known

Required Fields Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Required Fields Release Timeline

v1.9.5 (Current)
v1.9
v1.8
v1.7
v1.6
v1.5
v1.4
v1.3
v1.2
v1.1
v1.0
Code Analysis
Analyzed Mar 16, 2026

Required Fields Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 29 (0 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 29 total outputs
Attack Surface

Required Fields Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5

  • action admin_init (required-fields.php:92)
  • action admin_menu (required-fields.php:106)
  • action wp_enqueue_script (required-fields.php:245)
  • action admin_footer-post.php (required-fields.php:466)
  • action admin_footer-post-new.php (required-fields.php:467)
Maintenance & Trust

Required Fields Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.9.29
Last updated: Feb 7, 2018
PHP min version
Downloads: 46K

Community Trust

Rating: 88/100
Number of ratings: 7
Active installs: 100
Developer Profile

Required Fields Developer Profile

NikosTsolakos

2 plugins · 190 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Required Fields

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/required-fields/css/style.css
Version Parameters
required-fields/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
required_fields, rf_de_active_section, rf_main_section, rf_frpage_section, rf_error_section, rf_footer, donatebtns, +1 more
Data Attributes
id="required_fields", id="submit-rf-options", id="rf_img"
FAQ

Frequently Asked Questions about Required Fields