ReWord Security & Risk Analysis
wordpress.org/plugins/rewordReWord - Make It Right! Allow your readers to help and report mistakes in your site.
Is ReWord Safe to Use in 2026?
Generally Safe
Score 100/100ReWord has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "reword" plugin v4.0.0 exhibits a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and has no recorded vulnerability history or dangerous functions. This suggests a developer conscious of common plugin vulnerabilities. However, the plugin presents significant concerns related to its attack surface. It has two AJAX handlers, both of which lack authentication checks. This is a critical oversight, as it allows any unauthenticated user to trigger these handlers, potentially leading to unintended actions or information disclosure if the handlers perform sensitive operations. While taint analysis found no specific issues, the lack of authentication on entry points is a substantial risk that bypasses the need for taint analysis to be exploited.
The absence of any recorded vulnerabilities is a positive indicator, suggesting the plugin has been relatively secure in the past or has not been extensively targeted. However, this must be weighed against the identified security weaknesses in the current version. The plugin's strength in SQL sanitization is commendable, but it is overshadowed by the critical flaw of unprotected AJAX endpoints. Therefore, while the developer shows promise in some areas, the "reword" plugin v4.0.0 should be considered to have a moderate to high risk due to the unprotected AJAX handlers, which represent a clear and exploitable attack vector.
Key Concerns
- AJAX handlers without authentication checks
- AJAX handlers without authentication checks
- Low percentage of properly escaped output
ReWord Security Vulnerabilities
ReWord Release Timeline
ReWord Code Analysis
SQL Query Safety
Output Escaping
ReWord Attack Surface
AJAX Handlers 2
WordPress Hooks 4
Maintenance & Trust
ReWord Maintenance & Trust
Maintenance Signals
Community Trust
ReWord Alternatives
Report an error
report-an-error
With this plugin visitors will be able to report typos or mistakes seen on your websites.
Misspelling Reporter
misspelling-reporter
Allows users to highlight misspelled text and report to the site/article admins. Inspired by #BeachPress 2013
Fonts Plugin | Google Fonts, Adobe Fonts & Upload Fonts
olympus-google-fonts
Instantly change your entire website's typography with Google Fonts, Adobe Fonts, or custom fonts — no coding required. Live preview your changes.
Use Any Font | Custom Font Uploader
use-any-font
Upload custom fonts with custom font uploader. Auto converts to woff2 for better performance. Self-hosted, GDPR compliant, and easy custom font plugin
Easy Google Fonts
easy-google-fonts
Adds google fonts to any theme without coding and integrates with the WordPress Customizer automatically for a realtime live preview.
ReWord Developer Profile
1 plugin · 30 total installs
How We Detect ReWord
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/reword/public/css/reword-public.css/wp-content/plugins/reword/public/js/reword-public.js/wp-content/plugins/reword/admin/css/reword-admin.css/wp-content/plugins/reword/public/js/reword-public.jsreword/public/css/reword-public.css?ver=reword/public/js/reword-public.js?ver=reword/admin/css/reword-admin.css?ver=HTML / DOM Fingerprints
reword-icon-topreword-icon-leftreword-admin-report-mistake-wrapdata-reword-idreword_ajax_object/wp-json/reword/v1/mistake