Does RsCards Maker have any unpatched vulnerabilities?

No. All known vulnerabilities in RsCards Maker have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is RsCards Maker compatible with WordPress 6.7.5?

According to WordPress.org data, RsCards Maker 1.0.0 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is RsCards Maker compatible with PHP 7.0+?

RsCards Maker requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is RsCards Maker updated?

RsCards Maker was last updated on Nov 21, 2024. Frequent updates are generally a positive security signal.

What is RsCards Maker's security score?

RsCards Maker has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RsCards Maker Security & Risk Analysis

wordpress.org/plugins/rscards-maker

RsCards Maker is a versatile tool designed to create and customize greeting Christmas cards.

10 active installs v1.0.0 PHP 7.0+ WP 5.7+ Updated Nov 21, 2024

christmas-cardsend-email-christmas-cardwish-your-friend-christmas-card

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RsCards Maker Safe to Use in 2026?

Generally Safe

Score 92/100

RsCards Maker has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The rscards-maker plugin v1.0.0 exhibits a generally strong security posture based on the provided static analysis. The absence of any known vulnerabilities (CVEs) or recorded past issues is a significant positive indicator. The code demonstrates good practices such as using prepared statements for all SQL queries and a very high percentage of properly escaped output, minimizing risks of SQL injection and Cross-Site Scripting (XSS). The limited attack surface of two entry points, both of which appear to be protected by nonces and capability checks, further bolsters its security.

However, the analysis does highlight a critical area for improvement: the complete lack of capability checks on any entry points. While nonces are present for two identified entry points, the absence of capability checks means that even authenticated users might be able to access or manipulate functionalities they shouldn't. This could lead to privilege escalation or unauthorized actions if an attacker can trick a logged-in user into interacting with these endpoints. The presence of file operations and external HTTP requests, while not inherently insecure, are areas that warrant careful review to ensure they are not inadvertently creating vulnerabilities.

In conclusion, rscards-maker v1.0.0 is off to a promising start with robust handling of SQL and output sanitization, and no historical vulnerabilities. The key weakness lies in the missing capability checks, which should be addressed immediately to prevent potential unauthorized access and privilege escalation. The limited number of entry points makes this a manageable fix. Further scrutiny of file operations and external requests is recommended for comprehensive security.

Key Concerns

Missing capability checks on entry points

Vulnerabilities

None known

RsCards Maker Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

RsCards Maker Code Analysis

Dangerous Functions

Raw SQL Queries

4 prepared

Unescaped Output

63 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared4 total queries

Output Escaping

98% escaped64 total outputs

Attack Surface

RsCards Maker Attack Surface

Entry Points2

Unprotected0

AJAX Handlers 1

authwp_ajax_rs_card_image_downloadrscards-maker.php:85

Shortcodes 1

[rs-cards-maker] public\class-rscards-maker-public.php:53

WordPress Hooks 10

actionadmin_menuadmin\class-rscards-maker-admin.php:55

actionplugins_loadedincludes\class-rscards-maker.php:142

actionadmin_enqueue_scriptsincludes\class-rscards-maker.php:157

actionadmin_enqueue_scriptsincludes\class-rscards-maker.php:158

actionwp_enqueue_scriptsincludes\class-rscards-maker.php:173

actionwp_enqueue_scriptsincludes\class-rscards-maker.php:174

actionwp_enqueue_scriptspublic\class-rscards-maker-public.php:101

actionwp_enqueue_scriptspublic\class-rscards-maker-public.php:102

actionplugins_loadedpublic\class-rscards-maker-public.php:105

actionadmin_enqueue_scriptsrscards-maker.php:205

Maintenance & Trust

RsCards Maker Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedNov 21, 2024

PHP min version7.0

Downloads591

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

RsCards Maker Alternatives

No alternatives data available yet.

Developer Profile

RsCards Maker Developer Profile

RS Software

3 plugins · 150 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect RsCards Maker

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/rscards-maker/admin/images/loading.gif

Script Paths

/wp-content/plugins/rscards-maker/admin/js/rscards-maker-custom-script.js

HTML / DOM Fingerprints

JS Globals

rsCardsMaker

FAQ