Does Multipage have any unpatched vulnerabilities?

No. All known vulnerabilities in Multipage have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Multipage compatible with WordPress 5.7.15?

According to WordPress.org data, Multipage 1.5.12 has been tested up to WordPress 5.7.15. Check the plugin's changelog for the latest compatibility information.

How often is Multipage updated?

Multipage was last updated on Jun 16, 2021. Frequent updates are generally a positive security signal.

What is Multipage's security score?

Multipage has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Multipage Security & Risk Analysis

wordpress.org/plugins/sgr-nextpage-titles

Order your posts in subpages: multipage posts will have a table of contents linking single subpages with their titles.

900 active installs v1.5.12 PHP + WP 3.9+ Updated Jun 16, 2021

multi-pagenextpageseosubpagestable-of-contents

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Multipage Safe to Use in 2026?

Generally Safe

Score 85/100

Multipage has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4yr ago

Risk Assessment

The sgr-nextpage-titles plugin v1.5.12 exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin demonstrates good practices by avoiding dangerous functions, file operations, and external HTTP requests. Importantly, there are no known CVEs associated with this plugin, and its vulnerability history is clean, which suggests a commitment to security by the developers. The limited attack surface, consisting solely of one shortcode, is a positive sign, especially as it appears to have no unprotected entry points.

However, there are areas for improvement. The static analysis reveals that only 50% of SQL queries use prepared statements, and a concerning 42% of output is not properly escaped. While no critical or high severity taint flows were detected, the presence of unsanitized data in output could still lead to cross-site scripting (XSS) vulnerabilities if not handled carefully. The absence of capability checks on its single entry point (the shortcode) also raises a flag, as it implies that any logged-in user could potentially interact with the shortcode's functionality without specific permissions.

In conclusion, sgr-nextpage-titles v1.5.12 is a relatively low-risk plugin due to its lack of known vulnerabilities and minimal attack surface. However, the unescaped output and the lack of capability checks on the shortcode represent potential security weaknesses that should be addressed to further enhance its security.

Key Concerns

SQL queries not fully prepared
Significant amount of unescaped output
No capability checks on shortcode

Vulnerabilities

None known

Multipage Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Multipage Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

32 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

TinyMCE

SQL Query Safety

50% prepared2 total queries

Output Escaping

58% escaped55 total outputs

Data Flows

All sanitized

Data Flow Analysis

4 flows

mpp_admin_advanced_settings_save (inc\admin\admin-advanced-settings.php:138)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Multipage Attack Surface

Entry Points1

Unprotected0

Shortcodes 1

[nextpage] classes\class-mpp-shortcodes.php:21

WordPress Hooks 29

actioninitclass-mpp.php:114

actionsave_postclass-mpp.php:148

filterpre_handle_404class-mpp.php:151

actionwpclass-mpp.php:155

filterwp_link_pages_argsclass-mpp.php:187

filtercomments_templateclass-mpp.php:191

filterwp_titleclass-mpp.php:229

filterpre_get_document_titleclass-mpp.php:230

filterdocument_title_partsclass-mpp.php:231

filterthe_contentclass-mpp.php:233

actionwp_enqueue_scriptsclass-mpp.php:234

actionadmin_headclasses\class-mpp-admin.php:86

actionadmin_menuclasses\class-mpp-admin.php:89

actionmpp_register_admin_settingsclasses\class-mpp-admin.php:92

actionadmin_enqueue_scriptsclasses\class-mpp-admin.php:95

filterplugin_action_linksclasses\class-mpp-admin.php:98

filternetwork_admin_plugin_action_linksclasses\class-mpp-admin.php:99

filtermce_cssclasses\class-mpp-admin.php:105

filtermce_buttonsclasses\class-mpp-admin.php:106

filtermce_external_pluginsclasses\class-mpp-admin.php:107

filterwp_mce_translationclasses\class-mpp-admin.php:108

actionenqueue_block_editor_assetsclasses\class-mpp-admin.php:115

actionadmin_print_footer_scriptsclasses\class-mpp-admin.php:119

actionadmin_initinc\admin\admin-actions.php:9

actionmpp_admin_initinc\admin\admin-actions.php:12

actionmpp_admin_initinc\admin\admin-actions.php:13

actionadmin_initinc\admin\admin-advanced-settings.php:163

actionadmin_initinc\admin\admin-settings.php:315

actioninitinc\mpp-functions.php:93

Maintenance & Trust

Multipage Maintenance & Trust

Maintenance Signals

WordPress version tested5.7.15

Last updatedJun 16, 2021

PHP min version

Downloads52K

Community Trust

Rating92/100

Number of ratings22

Active installs900

Alternatives

Multipage Alternatives

LuckyWP Table of Contents

luckywp-table-of-contents

Creates SEO-friendly table of contents for your posts/pages. Works automatically or manually (via shortcode, Gutenberg block or widget).

100K 5 CVEs

Table Of Contents Block

table-of-contents-block

Automatically Add Table of Contents Block for your WordPress Posts & Pages

10K No CVEs

Heroic Table of Contents

heroic-table-of-contents

100

Heroic Table of Contents is the easiest way to add a table of contents to your site.

5K No CVEs

Table of Contents Creator

table-of-contents-creator

Table of Contents Creator automatically generates a highly customizable dynamic site wide table of contents that is always up-to-date.

400 1 unpatched

Developer Profile

Multipage Developer Profile

Sergio De Falco

2 plugins · 1K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Multipage

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/sgr-nextpage-titles/inc/mpp-template.php

HTML / DOM Fingerprints

HTML Comments

Shortcode Output

[nextpage<!-- wp:multipage/subpage

FAQ