SapientSEO Security & Risk Analysis

wordpress.org/plugins/sapientseo

Adds secured custom REST API endpoints to integrate WordPress with the SapientSEO app.

10 active installs · v1.0.45 · PHP 7.4+ · WP 5.0+ · Updated Jun 20, 2025
Tags: custom-endpoints, headless, integration, rest-api, seo
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is SapientSEO Safe to Use in 2026?

Generally Safe

Score 100/100

SapientSEO has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The plugin 'sapientseo' v1.0.45 exhibits a generally good security posture based on static analysis, with no critical or high-severity issues identified in taint flows and a clean vulnerability history. The use of prepared statements for all SQL queries and proper output escaping across all identified outputs are significant strengths. Furthermore, the absence of known CVEs and bundled libraries suggests a well-maintained or less complex codebase.

However, there are notable concerns. The presence of an unprotected REST API route represents a direct attack vector, allowing unauthorized access or manipulation of data exposed by this route. The complete lack of nonce checks and capability checks across all entry points, particularly the 18 REST API routes, is a significant weakness. This suggests that user authentication and authorization are not being properly enforced at the plugin's entry points, potentially exposing sensitive functionality or data to any logged-in user, or even unauthenticated users if the unprotected REST API route allows it.

Key Concerns

  • Unprotected REST API route
  • Missing nonce checks
  • Missing capability checks
Vulnerabilities
None known

SapientSEO Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

SapientSEO Release Timeline

v1.0.45 (Current)
v1.0.44
v1.0.43
v1.0.42
v1.0.41
v1.0.40
v1.0.39
v1.0.38
v1.0.37
v1.0.36
v1.0.35
v1.0.29
v1.0.28
v1.0.27
v1.0.26
v1.0.25
v1.0.24
v1.0.23
v1.0.22
v1.0.21
Code Analysis
Analyzed Mar 17, 2026

SapientSEO Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (4 prepared)
Unescaped Output: 0 (32 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 1
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared · 4 total queries

Output Escaping

100% escaped · 32 total outputs
Attack Surface
1 unprotected

SapientSEO Attack Surface

Entry Points: 18
Unprotected: 1

REST API Routes 18

GET    /wp-json/sapientseo/v1/check-cache-headers    inc\api\cache.php:5
GET    /wp-json/sapientseo/v1/metadata               inc\api\get-company-metadata.php:10
GET    /wp-json/sapientseo/v1/schemas                inc\api\get-schemas.php:9
GET    /wp-json/sapientseo/v1/health                 inc\api\health-check.php:8
GET    /wp-json/sapientseo/v1/links                  inc\api\links.php:11
GET    /wp-json/sapientseo/v1/internal-links         inc\api\links.php:85
GET    /wp-json/sapientseo/v1/media                  inc\api\media.php:13
POST   /wp-json/sapientseo/v1/media                  inc\api\media.php:76
POST   /wp-json/sapientseo/v1/create-post            inc\api\posts.php:92
POST   /wp-json/sapientseo/v1/update-post            inc\api\posts.php:98
GET    /wp-json/sapientseo/v1/posts/status           inc\api\posts.php:104
GET    /wp-json/sapientseo/v1/posts                  inc\api\posts.php:110
GET    /wp-json/sapientseo/v1/posts/(?P<id>\d+)      inc\api\posts.php:116
POST   /wp-json/sapientseo/v1/publish-post           inc\api\posts.php:122
POST   /wp-json/sapientseo/v1/delete-post            inc\api\posts.php:128
GET    /wp-json/sapientseo/v1/categories-tags        inc\api\terms.php:8
PATCH  /wp-json/sapientseo/v1/terms/(?P<id>\d+)      inc\api\terms.php:16
PATCH  /wp-json/sapientseo/v1/terms/bulk             inc\api\terms.php:24

WordPress Hooks 15
action  admin_menu             admin\settings-page.php:6
action  admin_enqueue_scripts  admin\settings-page.php:18
action  rest_api_init          inc\api\cache.php:4
action  rest_api_init          inc\api\get-company-metadata.php:9
action  rest_api_init          inc\api\get-schemas.php:8
action  rest_api_init          inc\api\health-check.php:7
action  rest_api_init          inc\api\links.php:10
action  rest_api_init          inc\api\links.php:84
action  rest_api_init          inc\api\media.php:12
action  rest_api_init          inc\api\media.php:75
action  rest_api_init          inc\api\posts.php:91
action  rest_api_init          inc\api\terms.php:7
action  init                   sapientseo.php:23
action  template_redirect      sapientseo.php:37
filter  rest_post_dispatch     sapientseo.php:49
Maintenance & Trust

SapientSEO Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 20, 2025
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

SapientSEO Developer Profile

Gal Ben-Chanoch

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect SapientSEO

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/sapientseo/assets/sapientseo-admin.css
/wp-content/plugins/sapientseo/assets/sapientseo-admin.js
Script Paths
/wp-content/plugins/sapientseo/assets/sapientseo-admin.js

HTML / DOM Fingerprints

CSS Classes
sapientseo-admin-wrapper
sapientseo-logo
sapientseo-admin-title
sapientseo-signup-btn
sapientseo-api-key-container
sapientseo-secret-input
sapientseo-toggle-btn
sapientseo-copy-btn
Data Attributes
data-route
data-method
data-nonce
REST Endpoints
/sapientseo/v1/check-cache-headers
/sapientseo/v1/metadata
/sapientseo/v1/schemas