Does Strict CSP have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Strict CSP compatible with WordPress 6.9.4?

According to WordPress.org data, Strict CSP 0.3.2 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Strict CSP compatible with PHP 7.2+?

Strict CSP requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Strict CSP updated?

Strict CSP was last updated on Nov 30, 2025. Frequent updates are generally a positive security signal.

What is Strict CSP's security score?

Strict CSP has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Strict CSP Security & Risk Analysis

wordpress.org/plugins/strict-csp

Enforces a Strict Content Security Policy on the frontend and login screen to help mitigate any XSS vulnerabilities.

20 active installs v0.3.2 PHP 7.2+ WP 6.4+ Updated Nov 30, 2025

security

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Strict CSP Safe to Use in 2026?

Generally Safe

Score 100/100

Strict CSP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago

Risk Assessment

The "strict-csp" plugin version 0.3.2 exhibits an exceptionally strong security posture based on the provided static analysis and vulnerability history. The absence of any identified attack surface, dangerous functions, unsanitized taint flows, or direct SQL queries is a significant strength. Furthermore, the plugin appears to handle output properly and avoid file operations or external HTTP requests. This suggests a well-developed and secure codebase, with a strong focus on defensive programming practices.

The lack of any recorded vulnerabilities, past or present, reinforces this positive assessment. There are no unpatched CVEs, and the plugin has not historically been associated with common vulnerability types. This track record indicates a commitment to security by the developers or a lack of past attempts to exploit it, which, combined with the clean code analysis, suggests a low overall risk profile.

While the data paints a picture of a very secure plugin, the complete absence of capability checks and nonce checks on its entry points (even though there are zero entry points identified) is a theoretical concern. If any new entry points were to be introduced in future versions without proper authorization mechanisms, this could create an immediate risk. However, based on the current analysis, this plugin appears to be a highly secure option.

Key Concerns

No capability checks identified
No nonce checks identified

Vulnerabilities

None known

Strict CSP Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Strict CSP Release Timeline

v0.3.2Current

v0.3.1

v0.3.0

Code Analysis

Analyzed Apr 16, 2026

Strict CSP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

Strict CSP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

filterwp_headersstrict-csp.php:146

filterwp_script_attributesstrict-csp.php:149

filterwp_inline_script_attributesstrict-csp.php:153

filterembed_oembed_htmlstrict-csp.php:158

actionlogin_initstrict-csp.php:160

Maintenance & Trust

Strict CSP Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedNov 30, 2025

PHP min version7.2

Downloads575

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

Strict CSP Alternatives

Wordfence Security – Firewall, Malware Scan, and Login Security

wordfence

Firewall, Malware Scanner, Two Factor Auth, and Comprehensive Security Features, powered by our 24-hour team. Make security a priority with Wordfence.

5.0M 12 CVEs

Hostinger Tools

hostinger

Simplified WordPress management. Manage site info, maintenance, security, & redirects.

3.0M 1 CVE

Jetpack – WP Security, Backup, Speed, & Growth

jetpack

Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.

3.0M 24 CVEs

Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)

really-simple-ssl

Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.

3.0M 3 CVEs

Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & Firewall

limit-login-attempts-reloaded

Stop password guessing attacks, secure WooCommerce, block bad IPs, block by countries (Pro), and add email 2FA. Lightweight with better performance.

2.0M 4 CVEs

Developer Profile

Strict CSP Developer Profile

Weston Ruter

26 plugins · 437K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

4499 days

View full developer profile

Detection Fingerprints

How We Detect Strict CSP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ