Does Staatic – Static Site Generator have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Staatic – Static Site Generator compatible with WordPress 6.9.4?

According to WordPress.org data, Staatic – Static Site Generator 1.12.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Staatic – Static Site Generator compatible with PHP 7.1+?

Staatic – Static Site Generator requires PHP 7.1 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Staatic – Static Site Generator updated?

Staatic – Static Site Generator was last updated on Apr 14, 2026. Frequent updates are generally a positive security signal.

What is Staatic – Static Site Generator's security score?

Staatic – Static Site Generator has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Staatic – Static Site Generator Security & Risk Analysis

wordpress.org/plugins/staatic

Staatic lets you create and deploy a streamlined static version of your WordPress site.

2K active installs v1.12.2 PHP 7.1+ WP 5.0+ Updated Apr 14, 2026

performancesecurityseospeedstatic

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Staatic – Static Site Generator Safe to Use in 2026?

Generally Safe

Score 100/100

Staatic – Static Site Generator has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The Staatic plugin v1.12.1 exhibits a generally good security posture with zero known CVEs and a complete lack of external attack vectors such as AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication. The code also demonstrates a strong commitment to secure coding practices by utilizing prepared statements for the vast majority of its SQL queries and implementing nonce and capability checks for critical operations.

However, the taint analysis reveals a significant concern. All 17 analyzed taint flows passed through unsanitized paths, with 17 of them being flagged as high severity. This indicates a potential for input validation and sanitization weaknesses that could be exploited, even without direct attack surface points. The low percentage of properly escaped output (28%) further amplifies this risk, suggesting that user-supplied data might be rendered in an unsafe manner, potentially leading to cross-site scripting (XSS) vulnerabilities if an attacker can inject malicious content into the processed data.

While the plugin's vulnerability history is clean, the current taint analysis findings present a clear and present risk that should not be overlooked. The presence of high-severity taint flows without proper output escaping is a critical area for immediate attention. The plugin's strengths lie in its minimal attack surface and good SQL practices, but the identified taint issues and low output escaping rate detract from its overall security. It is crucial to address these taint flow issues to prevent potential exploitation and ensure the integrity of user data and the website.

Key Concerns

High severity unsanitized taint flows found
Low percentage of properly escaped output
Bundled library Guzzle may be outdated

Vulnerabilities

None known

Staatic – Static Site Generator Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Staatic – Static Site Generator Release Timeline

v1.12.2Current

v1.12.1

v1.12.0

v1.11.4

v1.11.3

v1.11.0

v1.10.9

v1.10.8

v1.10.7

v1.10.6

v1.10.5

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.9.3

v1.9.2

v1.9.1

v1.9.0

Code Analysis

Analyzed Mar 16, 2026

Staatic – Static Site Generator Code Analysis

Dangerous Functions

Raw SQL Queries

153 prepared

Unescaped Output

215

83 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

SQL Query Safety

91% prepared169 total queries

Output Escaping

28% escaped298 total outputs

Data Flows · Security

17 unsanitized

Data Flow Analysis

17 flows17 with unsanitized paths

handle (src\Module\Admin\Page\BuildResultPage.php:40)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

Staatic – Static Site Generator Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 107

actionadmin_noticesplatform_check.php:8

actionadmin_noticesplatform_check.php:17

actionadmin_noticesplatform_check.php:26

actionadmin_initplatform_check.php:89

actionadmin_initplatform_check.php:95

actionadmin_initplatform_check.php:100

filterdefault_hidden_columnssrc\ListTable\AbstractListTable.php:231

filterset-screen-optionsrc\ListTable\AbstractListTable.php:235

filtersite_status_testssrc\Module\Admin\ExtendSiteHealth.php:44

filterdebug_informationsrc\Module\Admin\ExtendSiteHealth.php:45

actionwp_loadedsrc\Module\Admin\Page\BuildResultPage.php:37

actioninitsrc\Module\Admin\Page\PublicationLogs\PublicationLogsExportPage.php:50

actioninitsrc\Module\Admin\Page\PublicationLogs\PublicationLogsPage.php:62

actioninitsrc\Module\Admin\Page\PublicationResults\PublicationResultsPage.php:62

actioninitsrc\Module\Admin\Page\Publications\PublicationDeletePage.php:37

actioninitsrc\Module\Admin\Page\Publications\PublicationDownloadPage.php:49

actioninitsrc\Module\Admin\Page\Publications\PublicationsPage.php:43

actionadmin_noticessrc\Module\Admin\Page\Publications\PublicationsPage.php:73

actioninitsrc\Module\Admin\Page\Publications\PublicationSummaryPage.php:71

actioninitsrc\Module\Admin\Page\PublishPage.php:60

actioninitsrc\Module\Admin\Page\PublishSubsetPage.php:53

actioninitsrc\Module\Admin\Page\SettingsPage.php:44

actionadmin_initsrc\Module\Admin\Page\SettingsPage.php:45

actioninitsrc\Module\Admin\Page\TestRequestPage.php:46

actionwp_loadedsrc\Module\Admin\RegisterAdminBar.php:60

actionadmin_bar_menusrc\Module\Admin\RegisterAdminBar.php:65

actionadmin_enqueue_scriptssrc\Module\Admin\RegisterAssets.php:38

actionadmin_enqueue_scriptssrc\Module\Admin\RegisterAssets.php:39

actionwp_dashboard_setupsrc\Module\Admin\Widget\PublicationLogsWidget.php:27

actionwp_dashboard_setupsrc\Module\Admin\Widget\PublicationStatusWidget.php:27

actionwp_loadedsrc\Module\Cleanup.php:56

actioninitsrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:76

actionwp_loadedsrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:77

filterstaatic_deployment_methodssrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:81

filterstaatic_additional_paths_exclude_pathssrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:102

filterstaatic_exclude_urlssrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:106

filterstaatic_transformerssrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:107

filterstaatic_post_processorssrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:108

filterstaatic_deployment_strategysrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:109

filterstaatic_deployment_strategy_validatesrc\Module\Deployer\FilesystemDeployer\FilesystemDeployerModule.php:110

actioninitsrc\Module\Deployer\GithubDeployer\GithubDeployerModule.php:45

actionwp_loadedsrc\Module\Deployer\GithubDeployer\GithubDeployerModule.php:46

filterstaatic_deployment_methodssrc\Module\Deployer\GithubDeployer\GithubDeployerModule.php:50

filterstaatic_deployment_strategysrc\Module\Deployer\GithubDeployer\GithubDeployerModule.php:69

actionrest_api_initsrc\Module\Deployer\GithubDeployer\GithubStatusEndpoint.php:34

actioninitsrc\Module\Deployer\NetlifyDeployer\NetlifyDeployerModule.php:72

actionwp_loadedsrc\Module\Deployer\NetlifyDeployer\NetlifyDeployerModule.php:73

filterstaatic_deployment_methodssrc\Module\Deployer\NetlifyDeployer\NetlifyDeployerModule.php:77

filterstaatic_post_processorssrc\Module\Deployer\NetlifyDeployer\NetlifyDeployerModule.php:96

filterstaatic_deployment_strategysrc\Module\Deployer\NetlifyDeployer\NetlifyDeployerModule.php:97

actionrest_api_initsrc\Module\Deployer\NetlifyDeployer\NetlifyStatusEndpoint.php:32

actioninitsrc\Module\Deployer\S3Deployer\S3DeployerModule.php:45

actionwp_loadedsrc\Module\Deployer\S3Deployer\S3DeployerModule.php:46

filterstaatic_deployment_methodssrc\Module\Deployer\S3Deployer\S3DeployerModule.php:50

filterstaatic_deployment_strategysrc\Module\Deployer\S3Deployer\S3DeployerModule.php:70

actioninitsrc\Module\Deployer\SftpDeployer\SftpDeployerModule.php:45

actionwp_loadedsrc\Module\Deployer\SftpDeployer\SftpDeployerModule.php:46

filterstaatic_deployment_methodssrc\Module\Deployer\SftpDeployer\SftpDeployerModule.php:50

filterstaatic_deployment_strategysrc\Module\Deployer\SftpDeployer\SftpDeployerModule.php:70

actionrest_api_initsrc\Module\Deployer\SftpDeployer\SftpStatusEndpoint.php:24

actioninitsrc\Module\Deployer\ZipfileDeployer\ZipfileDeployerModule.php:37

actionwp_loadedsrc\Module\Deployer\ZipfileDeployer\ZipfileDeployerModule.php:38

filterstaatic_deployment_methodssrc\Module\Deployer\ZipfileDeployer\ZipfileDeployerModule.php:42

filterstaatic_publication_taskssrc\Module\Deployer\ZipfileDeployer\ZipfileDeployerModule.php:58

filterstaatic_deployment_strategysrc\Module\Deployer\ZipfileDeployer\ZipfileDeployerModule.php:59

actioninitsrc\Module\EnsureMigrated.php:32

actionadmin_noticessrc\Module\EnsureMigrated.php:76

filtercron_requestsrc\Module\HttpAuthHeaders.php:33

filterhttp_request_argssrc\Module\HttpAuthHeaders.php:34

filterstaatic_background_publisher_query_urlsrc\Module\HttpsToHttpDowngrade.php:33

actionwp_loadedsrc\Module\Integration\AvadaTheme.php:13

filterstaatic_html_mapping_tagssrc\Module\Integration\AvadaTheme.php:21

filterstaatic_html_mapping_srcsetsrc\Module\Integration\AvadaTheme.php:22

actionwp_loadedsrc\Module\Integration\ElementorPlugin.php:45

filterstaatic_additional_pathssrc\Module\Integration\ElementorPlugin.php:53

filterstaatic_transformerssrc\Module\Integration\ElementorPlugin.php:56

actionwp_loadedsrc\Module\Integration\FlyingPressPlugin.php:13

filterstaatic_html_mapping_stylesrc\Module\Integration\FlyingPressPlugin.php:21

actionwp_loadedsrc\Module\Integration\RankMathPlugin.php:20

filterstaatic_crawl_url_providerssrc\Module\Integration\RankMathPlugin.php:28

actionwp_loadedsrc\Module\Integration\RedirectionPlugin.php:18

filterstaatic_crawl_url_providerssrc\Module\Integration\RedirectionPlugin.php:26

actionwp_loadedsrc\Module\Integration\SafeRedirectManagerPlugin.php:18

filterstaatic_crawl_url_providerssrc\Module\Integration\SafeRedirectManagerPlugin.php:26

actionwp_loadedsrc\Module\Integration\Simple301RedirectsPlugin.php:23

filterstaatic_crawl_url_providerssrc\Module\Integration\Simple301RedirectsPlugin.php:31

actionwp_loadedsrc\Module\Integration\Wordpress.php:15

filterstaatic_additional_urlssrc\Module\Integration\Wordpress.php:20

filterstaatic_additional_paths_exclude_pathssrc\Module\Integration\Wordpress.php:21

actionwp_loadedsrc\Module\Integration\WpFastestCachePlugin.php:13

filterstaatic_html_mapping_tagssrc\Module\Integration\WpFastestCachePlugin.php:21

filterstaatic_html_mapping_srcsetsrc\Module\Integration\WpFastestCachePlugin.php:22

actionwp_loadedsrc\Module\Integration\YoastPremiumPlugin.php:18

filterstaatic_crawl_url_providerssrc\Module\Integration\YoastPremiumPlugin.php:26

actioninitsrc\Module\LoadTextDomain.php:11

actioninitsrc\Module\RegisterFieldTypes.php:23

filtercron_schedulessrc\Module\RegisterSchedules.php:11

actioninitsrc\Module\RegisterSettings.php:54

actioninitsrc\Module\RegisterSettings.php:55

actioninitsrc\Module\RegisterSettings.php:57

actionwp_loadedsrc\Module\RegisterSettings.php:58

actionrest_api_initsrc\Module\Rest\PublicationLogsEndpoint.php:49

actionrest_api_initsrc\Module\Rest\PublicationStatusEndpoint.php:50

actionrest_api_initsrc\Module\Rest\SiteHealthTestsEndpoint.php:29

actionwp_loadedsrc\Module\ScheduleTestRequest.php:37

actionadmin_menusrc\Service\AdminNavigation.php:61

actionsubmenu_filesrc\Service\AdminNavigation.php:62

Maintenance & Trust

Staatic – Static Site Generator Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedApr 14, 2026

PHP min version7.1

Downloads67K

Community Trust

Rating84/100

Number of ratings22

Active installs2K

Alternatives

Staatic – Static Site Generator Alternatives

Static Snap

static-snap

100

Static Snap converts your WordPress site into a static website, boosting performance, security, scalability, and SEO.

30 No CVEs

Static Porter

static-porter

100

The safest static site generator. Convert WordPress to HTML with built-in memory protection, stop-buttons, and instant smart refresh.

0 No CVEs

StaticWeb Deploy

staticweb-deploy

100

Generate static sites for deployment as files or S3-compatible storage.

0 No CVEs

LiteSpeed Cache

litespeed-cache

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs

Simply Static – The Static Site Generator

simply-static

Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.

30K 2 CVEs

Developer Profile

Staatic – Static Site Generator Developer Profile

Team Staatic

1 plugin · 2K total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Staatic – Static Site Generator

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/staatic/assets/admin.css/wp-content/plugins/staatic/assets/admin.js

Script Paths

/wp-content/plugins/staatic/assets/admin.js

Version Parameters

staatic/assets/admin.css?ver=staatic/assets/admin.js?ver=

HTML / DOM Fingerprints

REST Endpoints

/wp-json/staatic-github/v1/github-status/wp-json/staatic-netlify/v1/netlify-status

FAQ