Does s2 Safety have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is s2 Safety compatible with WordPress 6.0.11?

According to WordPress.org data, s2 Safety 1.9.2 has been tested up to WordPress 6.0.11. Check the plugin's changelog for the latest compatibility information.

Is s2 Safety compatible with PHP 5.2.17+?

s2 Safety requires PHP 5.2.17 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is s2 Safety updated?

s2 Safety was last updated on May 29, 2022. Frequent updates are generally a positive security signal.

What is s2 Safety's security score?

s2 Safety has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

s2 Safety Security & Risk Analysis

wordpress.org/plugins/s2-safety-functions

WordPress plugin to add instant security basics

10 active installs v1.9.2 PHP 5.2.17+ WP + Updated May 29, 2022

referrer-policy-header-etcx-content-type-optionsx-frame-optionsx-xss-protection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is s2 Safety Safe to Use in 2026?

Generally Safe

Score 85/100

s2 Safety has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3yr ago

Risk Assessment

The "s2-safety-functions" v1.9.2 plugin exhibits a strong security posture based on the provided static analysis. The absence of any identified AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. Furthermore, the code signals are overwhelmingly positive, with no dangerous functions, all SQL queries utilizing prepared statements, and all output being properly escaped. The lack of file operations, external HTTP requests, nonce checks, and capability checks, while potentially indicating limited functionality, also means these common vectors for exploitation are not present.

The taint analysis reveals no identified flows with unsanitized paths, indicating that the plugin does not appear to improperly handle or expose data. The vulnerability history is also exceptionally clean, with zero recorded CVEs of any severity. This suggests a plugin that has either been meticulously developed with security in mind or has not been subjected to extensive security scrutiny, but in the absence of reported issues, it points towards a low risk of known exploitable vulnerabilities.

In conclusion, the "s2-safety-functions" plugin, based on this analysis, appears to be very secure. Its minimal attack surface and clean code signals are commendable. The lack of any historical vulnerabilities further reinforces its perceived safety. However, it's important to note that a lack of reported vulnerabilities doesn't guarantee absolute security, especially if the plugin has a very limited user base or has not undergone comprehensive security audits. Nevertheless, for the current version and based on the provided data, the risk is assessed as very low.

Vulnerabilities

None known

s2 Safety Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

s2 Safety Release Timeline

No version history available.

Code Analysis

Analyzed Mar 16, 2026

s2 Safety Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

s2 Safety Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 2

actionplugins_loadeds2_safety.php:14

actionsend_headerss2_safety.php:37

Maintenance & Trust

s2 Safety Maintenance & Trust

Maintenance Signals

WordPress version tested6.0.11

Last updatedMay 29, 2022

PHP min version5.2.17

Downloads1K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

s2 Safety Alternatives

Simple Iframe Buster

simple-iframe-buster

Provides a method of setting the X-Frame-Options header to SAMEORIGIN. Also enqueues a javascript based iframe blocker.

100 No CVEs

Abdal Security Headers

abdal-security-headers

Enhance WordPress security with essential HTTP security headers, protecting against XSS, clickjacking, and other common web vulnerabilities.

10 No CVEs

TurnUpSecurity HTTP Headers – Simple & Secure WordPress HTTP Headers

turnupsecurity-http-headers

Thank you for downloading our plugin. TurnUpSecurity HTTP Headers plugin allows you to enable HTTP headers from the settings page.

10 No CVEs

Ruigehond embed

ruigehond-embed

100

Prevent your site from being embedded. Select specific urls that may be embedded from specific origins.

0 No CVEs

Developer Profile

s2 Safety Developer Profile

Sebas2

3 plugins · 40 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect s2 Safety

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

HTML Comments

<!-- Clickjacking is one of the malicious attacks used against people on the web. 
            Back in 2009 Microsoft came out with a new measure in IE8 to fight against clickjacking that’s 
            since been adopted by Firefox, Chrome, Safari, Opera, and others. This is through servers 
            setting a http header of X-Frame-Options and browsers following the settings. -->

FAQ