Scriblio Security & Risk Analysis

wordpress.org/plugins/scriblio

Scriblio enables faceted searching and browsing of WordPress posts, pages, and custom post types.

10 active installs · v3.3 · PHP + WP 3.3+ · Updated Oct 30, 2014
Tags: catalog, facets, libraries, library, scriblio
Score 85 · Grade A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Scriblio Safe to Use in 2026?

Generally Safe

Score 85/100

Scriblio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11yr ago
Risk Assessment

The "scriblio" plugin v3.3 presents a mixed security posture. While it has no recorded vulnerability history (CVEs), the static analysis reveals significant concerns. The plugin exposes an unprotected AJAX handler, which is a critical entry point for potential attacks. The taint analysis indicates multiple flows with unsanitized paths, with three flagged as high severity, suggesting potential for injecting malicious data or commands. Additionally, the plugin utilizes dangerous functions like `unserialize` and `set_time_limit`, and a concerning 57% of its output is not properly escaped, increasing the risk of cross-site scripting (XSS) vulnerabilities. The absence of nonce checks on the exposed AJAX handler is a major oversight. The limited capability checks also contribute to a weaker security posture. Despite the lack of historical CVEs, the identified code-level weaknesses, particularly the unprotected AJAX endpoint and high-severity taint flows, warrant careful consideration and mitigation.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows (3)
  • Use of dangerous functions (unserialize)
  • Low output escaping percentage (43%)
  • Missing nonce checks
  • Limited capability checks (2)
Vulnerabilities
None known

Scriblio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Scriblio Release Timeline

v3.2
v3.0
v2.9-r1
v2.9-r2
v2.7-r1
v2.7-r2
v2.7-r3
v2.7-r4
v2.7b02
v2.7b03
v2.7b04
v2.6b01
v2.3v6
vr001
vr013
vr027
vr039
vr047
vr062
vr088
Code Analysis
Analyzed Apr 16, 2026

Scriblio Code Analysis

Dangerous Functions: 5
Raw SQL Queries: 10 (19 prepared)
Unescaped Output: 65 (50 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$data = unserialize( $data );` (compatibility/compatibility.php:206)
set_time_limit: `set_time_limit( 900 );` (compatibility/compatibility.php:814)
unserialize: `$r = unserialize( $post['content'] );` (compatibility/compatibility.php:819)
set_time_limit: `set_time_limit( 900 );` (compatibility/compatibility.php:882)
unserialize: `$r = unserialize( $post['content'] );` (compatibility/compatibility.php:884)

SQL Query Safety

66% prepared (29 total queries)

Output Escaping

43% escaped (115 total outputs)
Data Flows · Security
6 unsanitized

Data Flow Analysis

6 flows, 6 with unsanitized paths
meditor_metabox (compatibility/compatibility.php:201)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
1 unprotected

Scriblio Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth: wp_ajax_meditor_suggest_tags (compatibility/compatibility.php:17)

Shortcodes 3

[scrib_availability] compatibility/compatibility.php:23
[scrib_hit_count] plugin/class-facets.php:17
[facets] plugin/class-facets.php:18
WordPress Hooks 23

action init (compatibility/compatibility.php:15)
action init (compatibility/compatibility.php:19)
action admin_menu (compatibility/compatibility.php:21)
action admin_menu (compatibility/compatibility.php:25)
action save_post (compatibility/compatibility.php:27)
filter pre_post_title (compatibility/compatibility.php:28)
filter pre_post_excerpt (compatibility/compatibility.php:29)
filter pre_post_content (compatibility/compatibility.php:30)
action admin_footer (compatibility/compatibility.php:225)
action admin_menu (compatibility/compatibility.php:524)
action parse_query (plugin/class-facets.php:14)
action template_redirect (plugin/class-facets.php:15)
filter posts_request (plugin/class-facets.php:86)
action wp_head (plugin/class-facets.php:110)
action parse_query (plugin/class-facets.php:164)
action wp_head (plugin/class-facets.php:264)
action init (plugin/class-scrib-suggest.php:18)
action wp_footer (plugin/class-scrib-suggest.php:21)
action wp_loaded (plugin/class-scriblio.php:60)
action parse_query (plugin/class-scriblio.php:61)
action wp_footer (plugin/class-scriblio.php:62)
filter wijax-actions (plugin/widgets.php:9)
action widgets_init (plugin/widgets.php:312)
Maintenance & Trust

Scriblio Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.0.38
Last updated: Oct 30, 2014
PHP min version:
Downloads: 12K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

Scriblio Developer Profile

Casey Bisson

8 plugins · 290 total installs

Trust score: 66
Avg Security Score: 82/100
Avg Patch Time: 3405 days
Detection Fingerprints

How We Detect Scriblio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/scriblio/css/editor.css
/wp-content/plugins/scriblio/js/editor.js
/wp-content/plugins/scriblio/js/jquery.keyboard-a11y.js
Script Paths
/wp-content/plugins/scriblio/js/editor.js
/wp-content/plugins/scriblio/js/jquery.keyboard-a11y.js

HTML / DOM Fingerprints

CSS Classes
scrib_meditor_endfieldset_title
Data Attributes
id="scrib_meditor"
id="scrib_meditor-search-search"
JS Globals
scriblio
Shortcode Output
[scrib_availability]
FAQ

Frequently Asked Questions about Scriblio