Revisions Security & Risk Analysis

wordpress.org/plugins/revisions

Provide Versioning, Preview and Rollback ability on Pages and Posts.

20 active installs · v1.8.3 · PHP: not listed · WP 2.0.3+ · Updated May 23, 2008

Tags: admin, content, editor, revision, versioning

Security score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Revisions Safe to Use in 2026?

Generally Safe

Score 85/100

Revisions has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 17 years ago
Risk Assessment

The "revisions" v1.8.3 plugin exhibits a mixed security posture. On one hand, the absence of direct entry points like AJAX handlers, REST API routes, shortcodes, and cron events, along with a lack of known CVEs, suggests a potentially low exposure to common attack vectors. However, the static analysis reveals significant concerns within the codebase. The presence of dangerous functions like 'assert' and 'unserialize' is a red flag, as these can lead to serious vulnerabilities if not handled with extreme care. Furthermore, the output escaping is alarmingly low at only 7%, indicating a high risk of cross-site scripting (XSS) vulnerabilities where user-supplied data might be rendered without proper sanitization. The taint analysis showing two flows with unsanitized paths, both classified as high severity, directly supports these XSS concerns.

The vulnerability history being completely clean is a positive indicator, suggesting that the plugin developers have not introduced critical flaws in the past or have effectively patched them. This, combined with the lack of direct attack surface, provides some comfort. Nevertheless, the internal code quality issues, particularly around output escaping and the use of potentially dangerous functions, present a substantial inherent risk. The plugin's strengths lie in its limited external attack surface and clean vulnerability history. Its weaknesses are the internal code quality risks related to output escaping and dangerous function usage, which could be exploited if an indirect attack vector or a previously undiscovered vulnerability exists.

Key Concerns

  • High percentage of unsanitized output
  • Dangerous functions found (assert, unserialize)
  • High severity taint flows found
  • Low usage of prepared statements for SQL queries
  • No nonce checks
  • Limited capability checks
Vulnerabilities
None known

Revisions Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Revisions Code Analysis

Dangerous Functions: 18
Raw SQL Queries: 2 (4 prepared)
Unescaped Output: 25 (2 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

Dangerous Functions Found

  • assert (Diff.php:214): USE_ASSERTS && assert($yi < $n_to || $this->xchanged[$xi]);
  • assert (Diff.php:215): USE_ASSERTS && assert($xi < $n_from || $this->ychanged[$yi]);
  • assert (Diff.php:318): USE_ASSERTS && assert($k > 0);
  • assert (Diff.php:324): USE_ASSERTS && assert($y < $this->seq[$k]);
  • assert (Diff.php:332): USE_ASSERTS && assert($k > 0);
  • assert (Diff.php:374): USE_ASSERTS && assert($ypos != $this->seq[$end]);
  • assert (Diff.php:460): USE_ASSERTS && assert('sizeof($lines) == sizeof($changed)');
  • assert (Diff.php:480): USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
  • assert (Diff.php:512): USE_ASSERTS && assert('$j > 0');
  • assert (Diff.php:515): USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
  • assert (Diff.php:538): USE_ASSERTS && assert('$j < $other_len && ! $other_changed[$j]');
  • assert (Diff.php:555): USE_ASSERTS && assert('$j > 0');
  • assert (Diff.php:558): USE_ASSERTS && assert('$j >= 0 && !$other_changed[$j]');
  • assert (Diff.php:744): assert(sizeof($from_lines) == sizeof($mapped_from_lines));
  • assert (Diff.php:745): assert(sizeof($to_lines) == sizeof($mapped_to_lines));
  • assert (Diff.php:987): assert(!strstr($word, "\n"));
  • unserialize (revisions.php:211): $revision_status_info = unserialize($revision_status_info);
  • unserialize (revisions.php:486): $revision_status_info = unserialize($revision_status_info);

Note on the assert() findings: the string-argument calls (Diff.php:460 through 558) are the ones that PHP versions before 8.0 evaluate as PHP code when assertions are enabled; in the lines above those strings are literal expressions inside the library and are reached only when the USE_ASSERTS constant is true, so the practical exposure is much lower than for an assert() fed a runtime string. The unserialize() calls on $revision_status_info are the finding to check first, since the risk depends entirely on where that value is read from.

SQL Query Safety

67% prepared (6 total queries)

Output Escaping

7% escaped (27 total outputs)
Data Flows
2 unsanitized

Data Flow Analysis

2 flows, 2 with unsanitized paths
load_content (revisions.php:246)

Revisions Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 10
  • action admin_head (revisions.php:58)
  • filter the_posts (revisions.php:59)
  • action delete_post (revisions.php:60)
  • filter the_editor_content (revisions.php:61)
  • action admin_menu (revisions.php:63)
  • action pre_post_update (revisions.php:69)
  • action submitpost_box (revisions.php:70)
  • action submitpage_box (revisions.php:71)
  • action dbx_page_advanced (revisions.php:82)
  • action dbx_post_advanced (revisions.php:83)

Revisions Maintenance & Trust

Maintenance Signals

WordPress version tested: 2.5.1
Last updated: May 23, 2008
PHP min version: (none listed)
Downloads: 8K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 20

Revisions Developer Profile

Paul Menard

4 plugins · 240 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days

How We Detect Revisions

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/revisions/revisions_style_admin.css
Script Paths
/wp-content/plugins/revisions/jquery.js

HTML / DOM Fingerprints

CSS Classes
revision-minor-edit, revision-status, warning
HTML Comments
<!-- Revisions -->
Data Attributes
id="revision-minor-edit-input-sideinfo", id="revision-status-input-sideinfo", id="revision-minor-edit-input", id="revision-status-input", id="revision-action-anchor", id="revision-hidden", +1 more