WP-Safety

SEOPress for MainWP Security & Risk Analysis

wordpress.org/plugins/seopress-for-mainwp

SEOPress for MainWP extension, is an-addon for MainWP and SEOPress plugins. Edit your SEOPress global settings directly from MainWP dashboard site.

900 active installs v1.5 PHP 7.4+ WP 6.0+ Updated Jul 2, 2025
mainwpmultiple-wordpress-sitesseowordpress-managementwordpress-manager
98
A · Safe
CVEs total1
Unpatched0
Last CVEJul 25, 2025
Plugin page Download
Safety Verdict

Is SEOPress for MainWP Safe to Use in 2026?

Generally Safe

Score 98/100

SEOPress for MainWP has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jul 25, 2025Updated 9mo ago
Risk Assessment

The "seopress-for-mainwp" v1.5 plugin exhibits a generally strong security posture based on the static analysis, with all identified entry points (AJAX handlers) protected by nonce and capability checks. The code demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, indicating a commitment to preventing common web vulnerabilities like SQL injection and cross-site scripting. Furthermore, the absence of file operations and a clean taint analysis with no unsanitized paths are positive indicators.

However, a significant concern arises from the plugin's vulnerability history. A single high-severity Common Vulnerabilities and Exposures (CVE) entry, specifically an Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion), is a serious red flag. While this vulnerability is noted as currently unpatched, the analysis date (implied by the 2025 CVE date) suggests it might be a future or hypothetical vulnerability. If this historical vulnerability were present and unpatched, it would pose a critical risk. The presence of external HTTP requests, while not inherently insecure, warrants scrutiny in conjunction with other security findings.

In conclusion, the static code analysis reveals robust security practices. Nevertheless, the historical high-severity vulnerability cannot be ignored. While the plugin appears to be well-coded currently, the past existence of a serious vulnerability demands caution and thorough investigation to ensure no residual risks or similar vulnerabilities are present or emerge in future versions. The lack of any current unpatched vulnerabilities is a positive sign, but diligence is still required.

Key Concerns

  • Historical high-severity CVE found
Vulnerabilities
1

SEOPress for MainWP Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

High
1

1 total CVE

CVE-2025-48298high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

SEOPress for MainWP <= 1.4 - Unauthenticated Local File Inclusion

Jul 25, 2025 Patched in 1.5 (4d)
Code Analysis
Analyzed Mar 16, 2026

SEOPress for MainWP Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
4 prepared
Unescaped Output
0
164 escaped
Nonce Checks
14
Capability Checks
18
File Operations
0
External Requests
3
Bundled Libraries
0

SQL Query Safety

100% prepared4 total queries

Output Escaping

100% escaped164 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
save_pro_licence (inc\ajax\class-licence.php:38)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

SEOPress for MainWP Attack Surface

Entry Points14
Unprotected0

AJAX Handlers 14

authwp_ajax_mainwp_seopress_save_advanced_settingsinc\ajax\class-advanced.php:31
authwp_ajax_mainwp_seopress_save_analytics_settingsinc\ajax\class-analytics.php:27
authwp_ajax_mainwp_seopress_export_settingsinc\ajax\class-export.php:27
authwp_ajax_mainwp_seopress_import_settingsinc\ajax\class-import.php:27
authwp_ajax_mainwp_seopress_save_instant_indexing_settingsinc\ajax\class-instant-indexing.php:27
authwp_ajax_mainwp_seopress_save_pro_licenceinc\ajax\class-licence.php:27
authwp_ajax_mainwp_seopress_reset_pro_licenceinc\ajax\class-licence.php:28
authwp_ajax_mainwp_seopress_load_site_settingsinc\ajax\class-load-site-settings.php:27
authwp_ajax_mainwp_seopress_save_pro_settingsinc\ajax\class-pro-page.php:27
authwp_ajax_mainwp_seopress_save_social_networks_settingsinc\ajax\class-social-networks.php:27
authwp_ajax_mainwp_seopress_save_titles_metas_settingsinc\ajax\class-titles-metas.php:27
authwp_ajax_mainwp_seopress_titles_meta_toggleinc\ajax\class-toggle-features.php:27
authwp_ajax_mainwp_seopress_save_xml_html_sitemap_settingsinc\ajax\class-xml-html-sitemap.php:27
authwp_ajax_mainwp_seopress_flush_rewrite_rulesinc\ajax\class-xml-html-sitemap.php:28
WordPress Hooks 12
actionplugins_loadedinc\class-main.php:27
actionadmin_enqueue_scriptsinc\class-main.php:28
actionmainwp_before_headerinc\class-main.php:29
actionwp_roles_initinc\class-main.php:31
filterseopress_post_typesinc\class-main.php:33
filterseopress_get_taxonomies_listinc\class-main.php:34
filterseopress_skip_woocommerce_active_checkinc\class-main.php:35
filtermainwp_getextensionswp-seopress-mainwp.php:107
actionadmin_noticeswp-seopress-mainwp.php:108
filtermainwp_extensions_page_top_headerwp-seopress-mainwp.php:110
filtermainwp_plugins_install_checkswp-seopress-mainwp.php:112
actionmainwp_activatedwp-seopress-mainwp.php:165
Maintenance & Trust

SEOPress for MainWP Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJul 2, 2025
PHP min version7.4
Downloads13K

Community Trust

Rating0/100
Number of ratings0
Active installs900
Alternatives

SEOPress for MainWP Alternatives

Remote Website Management Plugin by Watchful

Remote Website Management Plugin by Watchful

watchful

A
100

A web developers toolbox for remotely managing and monitoring tens, hundreds, or thousands of WordPress websites at once.

4K No CVEs
RemoteMonkey

RemoteMonkey

remotemonkey

A
100

This is the connector plugin of BackupMonkey.io. It's an external service. TOS: https://backupmonkey.io/en/terms-of-service

70 No CVEs
Yoast SEO – Advanced SEO with real-time guidance and built-in AI

Yoast SEO – Advanced SEO with real-time guidance and built-in AI

wordpress-seo

A
89

Improve your SEO with real-time feedback, schema, and clear guidance. Upgrade for AI tools, Google Docs integration, and 24/7 support, no hidden fees.

10.0M 17 CVEs
LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

B
82

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic

all-in-one-seo-pack

B
82

AIOSEO is the most powerful WordPress SEO plugin. Improve SEO rankings and traffic with comprehensive SEO tools and smart AI SEO optimizations!

3.0M 26 CVEs
Developer Profile

SEOPress for MainWP Developer Profile

Benjamin Denis

2 plugins · 301K total installs

85
trust score
Avg Security Score
96/100
Avg Patch Time
89 days
View full developer profile
Detection Fingerprints

How We Detect SEOPress for MainWP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/seopress-for-mainwp/assets/css/seopress-mainwp.css/wp-content/plugins/seopress-for-mainwp/assets/js/seopress-mainwp.js
Script Paths
/wp-content/plugins/seopress-for-mainwp/assets/js/seopress-mainwp.js
Version Parameters
seopress-for-mainwp/assets/css/seopress-mainwp.css?ver=seopress-for-mainwp/assets/js/seopress-mainwp.js?ver=

HTML / DOM Fingerprints

CSS Classes
seopress-mainwp-field
Data Attributes
data-seopress-mainwp-id
FAQ

Frequently Asked Questions about SEOPress for MainWP