Does RunThings Secrets have any unpatched vulnerabilities?

No. All known vulnerabilities in RunThings Secrets have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is RunThings Secrets compatible with WordPress 6.9.4?

According to WordPress.org data, RunThings Secrets 1.9.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is RunThings Secrets compatible with PHP 7.2+?

RunThings Secrets requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is RunThings Secrets updated?

RunThings Secrets was last updated on Dec 16, 2025. Frequent updates are generally a positive security signal.

What is RunThings Secrets's security score?

RunThings Secrets has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

RunThings Secrets Security & Risk Analysis

wordpress.org/plugins/runthings-secrets

Securely share secrets with a time-limited URL, avoiding passwords in chats or emails.

10 active installs v1.9.0 PHP 7.2+ WP 6.2+ Updated Dec 16, 2025

private-linkssecure-sharingtemporary-linkstime-limited-accessurl-sharing

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is RunThings Secrets Safe to Use in 2026?

Generally Safe

Score 100/100

RunThings Secrets has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The "runthings-secrets" v1.9.0 plugin exhibits a generally good security posture based on the provided static analysis. The absence of known CVEs and a lack of recorded historical vulnerabilities suggest a well-maintained and secure codebase. The code also demonstrates strong adherence to secure coding practices, with all SQL queries utilizing prepared statements and a high percentage of output being properly escaped. The presence of nonce and capability checks further strengthens its defenses against common web attacks.

However, there are minor areas for potential improvement. While the attack surface is small and has no explicitly unprotected entry points, the plugin does utilize shortcodes, which can sometimes be an avenue for exploitation if not carefully handled. The inclusion of bundled libraries like Select2, while not inherently a risk, warrants attention to ensure it's kept up-to-date to prevent potential inherited vulnerabilities. Overall, the plugin is strong, but vigilance regarding bundled dependencies and careful implementation of shortcode functionality would further enhance its security.

Key Concerns

Bundled library (Select2)
Shortcodes present in attack surface

Vulnerabilities

None known

RunThings Secrets Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

RunThings Secrets Code Analysis

Dangerous Functions

Raw SQL Queries

15 prepared

Unescaped Output

124 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Select2

SQL Query Safety

100% prepared15 total queries

Output Escaping

82% escaped152 total outputs

Attack Surface

RunThings Secrets Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[runthings_secrets_add] includes\Integration\Shortcodes\Shortcodes.php:28

[runthings_secrets_created] includes\Integration\Shortcodes\Shortcodes.php:29

[runthings_secrets_view] includes\Integration\Shortcodes\Shortcodes.php:30

WordPress Hooks 35

actionadmin_menuincludes\Admin\OptionsPage.php:20

actionadmin_footerincludes\Admin\OptionsPage.php:21

actionadmin_initincludes\Admin\Sections\AdvancedSettings.php:13

actionadmin_initincludes\Admin\Sections\AdvancedSettings.php:14

actionadmin_noticesincludes\Admin\Sections\AdvancedSettings.php:49

actionadmin_initincludes\Admin\Sections\EncryptionSettings.php:23

actionadmin_initincludes\Admin\Sections\EncryptionSettings.php:24

actionadmin_noticesincludes\Admin\Sections\EncryptionSettings.php:45

actionadmin_noticesincludes\Admin\Sections\PagesSettings.php:13

actionadmin_enqueue_scriptsincludes\Admin\Sections\PagesSettings.php:14

actionadmin_initincludes\Admin\Sections\PagesSettings.php:15

actionadmin_initincludes\Admin\Sections\RateLimitSettings.php:13

actionadmin_initincludes\Admin\Sections\SpamProtectionSettings.php:13

actionadmin_initincludes\Admin\Sections\StatsSettings.php:13

actioninitincludes\Integration\BlockEditor\Blocks.php:23

actionenqueue_block_editor_assetsincludes\Integration\BlockEditor\Blocks.php:24

actiontemplate_redirectincludes\Render\Views\AddSecret.php:21

actionwp_enqueue_scriptsincludes\Render\Views\AddSecret.php:28

actionwp_enqueue_scriptsincludes\Render\Views\AddSecret.php:29

actionwp_enqueue_scriptsincludes\Render\Views\AddSecret.php:30

actionwp_enqueue_scriptsincludes\Render\Views\SecretCreated.php:26

actionwp_enqueue_scriptsincludes\Render\Views\SecretCreated.php:27

actiontemplate_redirectincludes\Render\Views\ViewSecret.php:21

actionwp_enqueue_scriptsincludes\Render\Views\ViewSecret.php:60

actionwp_enqueue_scriptsincludes\Render\Views\ViewSecret.php:61

actionrunthings_secrets_check_rate_limitincludes\Security\RateLimit.php:15

actionadmin_noticesincludes\Security\SodiumEncryption.php:18

actionadmin_noticesincludes\Security\SodiumEncryption.php:24

actionadmin_initincludes\Template\TemplateChecker.php:23

actionadmin_noticesincludes\Template\TemplateChecker.php:55

actioninitrunthings-secrets.php:78

filterplugin_action_links_runthings-secrets/runthings-secrets.phprunthings-secrets.php:88

actioninitrunthings-secrets.php:90

actionrunthings_secrets_clear_expired_secretsrunthings-secrets.php:91

actionplugins_loadedrunthings-secrets.php:220

Maintenance & Trust

RunThings Secrets Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 16, 2025

PHP min version7.2

Downloads991

Community Trust

Rating100/100

Number of ratings1

Active installs10

Alternatives

RunThings Secrets Alternatives

No alternatives data available yet.

Developer Profile

RunThings Secrets Developer Profile

runthings.dev

11 plugins · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

14 days

View full developer profile

Detection Fingerprints

How We Detect RunThings Secrets

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/runthings-secrets/dist/css/runthings-secrets-admin.css/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-admin.js/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-admin-chunks-vendors.js/wp-content/plugins/runthings-secrets/dist/css/runthings-secrets-style.css/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-script.js/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-script-chunks-vendors.js

Script Paths

/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-admin.js/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-admin-chunks-vendors.js/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-script.js/wp-content/plugins/runthings-secrets/dist/js/runthings-secrets-script-chunks-vendors.js

Version Parameters

runthings-secrets/dist/css/runthings-secrets-admin.css?ver=runthings-secrets/dist/js/runthings-secrets-admin.js?ver=runthings-secrets/dist/js/runthings-secrets-admin-chunks-vendors.js?ver=runthings-secrets/dist/css/runthings-secrets-style.css?ver=runthings-secrets/dist/js/runthings-secrets-script.js?ver=runthings-secrets/dist/js/runthings-secrets-script-chunks-vendors.js?ver=

HTML / DOM Fingerprints

CSS Classes

runthings-secrets-settings-wrap

HTML Comments

Data Attributes

data-runthings-secrets-noncedata-runthings-secrets-id

JS Globals

runthingsSecretsAdmin

REST Endpoints

/wp-json/runthings-secrets/v1/secrets

FAQ