Does Site Suggest have any unpatched vulnerabilities?

Yes — Site Suggest currently has 1 unpatched vulnerability. We recommend switching to an alternative or applying any available workarounds.

Is Site Suggest compatible with WordPress 6.9.4?

According to WordPress.org data, Site Suggest 1.3.9 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Site Suggest compatible with PHP 7.2+?

Site Suggest requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Site Suggest updated?

Site Suggest was last updated on Dec 12, 2025. Frequent updates are generally a positive security signal.

What is Site Suggest's security score?

Site Suggest has a WP-Safety security score of 78/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Site Suggest Security & Risk Analysis

wordpress.org/plugins/site-suggest

Site Suggest is a comprehensive WordPress plugin designed to assist site administrators in reviewing and optimizing their site's SEO analytics.

30 active installs v1.3.9 PHP 7.2+ WP 6.5+ Updated Dec 12, 2025

broken-linksperformanceseosite-suggestsitesuggest

B · Generally Safe

CVEs total1

Unpatched1

Last CVEFeb 26, 2026

Download

Safety Verdict

Is Site Suggest Safe to Use in 2026?

Mostly Safe

Score 78/100

Site Suggest is generally safe to use. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: Feb 26, 2026Updated 3mo ago

Risk Assessment

The "site-suggest" v1.3.9 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, with 100% of outputs being properly escaped, and a high percentage of SQL queries utilizing prepared statements. The absence of dangerous functions and bundled libraries also contributes to a generally cleaner codebase. However, significant concerns arise from the attack surface analysis. With 24 AJAX handlers, 7 of which lack authentication checks, there is a substantial risk of unauthorized actions being performed. This is further underscored by the taint analysis, which identified one flow with unsanitized paths. The vulnerability history, while showing only one medium-severity CVE, indicates a past issue related to missing authorization. The presence of an unpatched CVE is a critical red flag, suggesting ongoing exposure to a known security flaw. The pattern of past vulnerabilities and the current lack of authentication on several AJAX endpoints point to a potential recurring issue with authorization enforcement.

Key Concerns

Unprotected AJAX handlers (7)
Flow with unsanitized paths
Unpatched CVE (medium severity)
Missing capability checks on AJAX handlers

Vulnerabilities

Site Suggest Security Vulnerabilities

CVEs by Year

1 CVE in 2026 · unpatched

2026

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2026-28104medium · 5.3Missing Authorization

Site Suggest <= 1.3.9 - Missing Authorization

Feb 26, 2026Unpatched

Code Analysis

Analyzed Mar 16, 2026

Site Suggest Code Analysis

Dangerous Functions

Raw SQL Queries

11 prepared

Unescaped Output

298 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

85% prepared13 total queries

Output Escaping

100% escaped299 total outputs

Data Flows

1 unsanitized

Data Flow Analysis

6 flows1 with unsanitized paths

<ajax-controller> (app\ajax-controller.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Site Suggest Attack Surface

Entry Points24

Unprotected7

AJAX Handlers 24

authwp_ajax_stsgt_save_prev_logapp\ajax-controller.php:19

authwp_ajax_stsgt_run_auditapp\ajax-controller.php:20

authwp_ajax_stsgt_save_admin_settingsapp\ajax-controller.php:21

authwp_ajax_clear_stsgt_log_allapp\ajax-controller.php:22

authwp_ajax_remove_stsgt_log_itemapp\ajax-controller.php:23

authwp_ajax_stsgt_delete_revisionsapp\ajax-controller.php:24

authwp_ajax_stsgt_delete_draftsapp\ajax-controller.php:25

authwp_ajax_stsgt_delete_spam_commentsapp\ajax-controller.php:26

authwp_ajax_stsgt_delete_trash_commentsapp\ajax-controller.php:27

authwp_ajax_stsgt_delete_trashapp\ajax-controller.php:28

authwp_ajax_stsgt_delete_transientsapp\ajax-controller.php:29

authwp_ajax_stsgt_export_images_csvapp\ajax-controller.php:30

authwp_ajax_stsgt_import_images_csvapp\ajax-controller.php:31

authwp_ajax_stsgt_run_audit_cron_observerapp\ajax-controller.php:32

authwp_ajax_stsgt_save_fetched_audit_dataapp\ajax-controller.php:33

authwp_ajax_stsgt_start_cron_run_auditapp\ajax-controller.php:34

authwp_ajax_stsgt_approve_share_tech_dataapp\ajax-controller.php:35

authwp_ajax_stsgt_robots_txt_contentapp\ajax-controller.php:36

authwp_ajax_stsgt_clear_404_logsapp\ajax-controller.php:37

authwp_ajax_stsgt_update_banner_updateapp\ajax-controller.php:38

authwp_ajax_reset_scanning_processapp\ajax-controller.php:39

authwp_ajax_stsgt_cron_checkerapp\ajax-controller.php:40

authwp_ajax_stsgt_dismiss_admin_noticeapp\ajax-controller.php:41

authwp_ajax_stsgt_send_bug_reportapp\ajax-controller.php:42

WordPress Hooks 21

actionstsgt_every_min_cronapp\ajax-controller.php:45

filterhttp_request_timeoutapp\ajax-controller.php:628

filterhttp_request_timeoutapp\ajax-controller.php:917

filteralloptionsapp\ajax-controller.php:1648

actioninitapp\cron-controller.php:17

filtercron_schedulesapp\cron-controller.php:18

filterhttp_request_timeoutapp\info-controller.php:1844

actionadmin_headapp\main-controller.php:18

actionadmin_menuapp\main-controller.php:19

actionadmin_bar_menuapp\main-controller.php:20

actionadmin_noticesapp\main-controller.php:21

filterscript_loader_tagapp\main-controller.php:24

actionadmin_enqueue_scriptsapp\main-controller.php:25

actionadmin_enqueue_scriptsapp\main-controller.php:26

actiontemplate_redirectapp\main-controller.php:28

actioninitapp\main-controller.php:34

actionadd_meta_boxesapp\main-controller.php:35

actionwp_headapp\main-controller.php:36

actionadmin_noticesapp\main-controller.php:38

actioninitapp\main-controller.php:40

filtersafe_style_cssviews\admin\admin-tool-content.php:123

Scheduled Events 1

stsgt_every_min_cron

Maintenance & Trust

Site Suggest Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 12, 2025

PHP min version7.2

Downloads2K

Community Trust

Rating100/100

Number of ratings2

Active installs30

Alternatives

Site Suggest Alternatives

Facilitated Routines

facilitated-routines

100

Automate technical SEO, image optimization and webp creation, security, unused media cleanup, sitemaps, find broken links, and more.

70 No CVEs

LiteSpeed Cache

litespeed-cache

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs

Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links

broken-link-checker-seo

Broken Link Checker by AIOSEO ensures all links on your website are working. Check your site for broken links and easily fix them to improve SEO.

300K 3 CVEs

Insights from Google PageSpeed

google-pagespeed-insights

Use Insights from Google PageSpeed to increase your sites performance, your search engine ranking, and your visitors browsing experience.

20K 2 CVEs

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

quickwebp

100

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API …

7K No CVEs

Developer Profile

Site Suggest Developer Profile

Aryan Shirani Bid Abadi

2 plugins · 130 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Site Suggest

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/site-suggest/app/public/css/site-suggest.css/wp-content/plugins/site-suggest/app/public/js/site-suggest.js

Script Paths

/wp-content/plugins/site-suggest/app/public/js/site-suggest.js

Version Parameters

site-suggest/app/public/css/site-suggest.css?ver=site-suggest/app/public/js/site-suggest.js?ver=

HTML / DOM Fingerprints

CSS Classes

stsgt_dismiss_admin_notice

HTML Comments

Data Attributes

data-stsgt-dismissdata-stsgt-noncedata-stsgt-action

JS Globals

stsgt_vars

FAQ