Supafolio Security & Risk Analysis

wordpress.org/plugins/supapress

Quickly and easily connect your book metadata (ONIX) to your WordPress site.

100 active installs · v2.27.0 · PHP + WP 6.0+ · Updated Jan 8, 2026
Tags: books, folio, publishers, supadu
Score: 100 · Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Supafolio Safe to Use in 2026?

Generally Safe

Score 100/100

Supafolio has no known CVEs and is actively maintained (last release Jan 8, 2026). Weigh that against the static-analysis findings in the Risk Assessment, chiefly the unprotected AJAX handlers and the low output-escaping coverage, before relying on it on a production site.

No known CVEs · Updated 2 months ago
Risk Assessment

The Supapress plugin (the wordpress.org slug for Supafolio), version 2.27.0, shows a mixed security posture. It has no recorded vulnerabilities and taint analysis found no critical issue (though 3 of the 4 traced data flows have an unsanitized path), but its attack surface is the main concern. All 11 AJAX handlers were flagged as lacking a nonce or capability check. Four of them (supapress_predictive, supapress_isbn_lookup, supapress_collections, supapress_filters) are also registered on wp_ajax_nopriv_ hooks and are therefore reachable by unauthenticated visitors; the remaining seven, including supapress_cache_clear and supapress_bulk_isbn_lookup, can be invoked by any logged-in account, subscriber included, unless the handler itself enforces a capability. Output escaping is thin: only 76 of 424 output statements (18%) go through an escaping function, leaving room for cross-site scripting (XSS) wherever the unescaped output carries user-supplied or API-supplied data, and only 1 of 3 SQL queries is built with $wpdb->prepare(). The plugin bundles Select2 and Guzzle 1.1; Guzzle 1.x is several major versions behind the current 7.x line, and old bundled dependencies are a common way known vulnerabilities re-enter a code base. The absence of historical CVEs should be read with caution rather than as evidence of a proactive security practice: at roughly 100 active installs the plugin has attracted little research attention. The unprotected AJAX endpoints and the escaping gaps are the items to verify, and fix, first.

Key Concerns

  • AJAX handlers without nonce or capability checks (11 of 11; 4 also reachable without login)
  • Low percentage of properly escaped output (18%)
  • SQL queries not always prepared (1 of 3)
  • Bundled outdated library (Guzzle 1.1)
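The four concerns above are the same handful of mistakes a WordPress AJAX handler can make, so the following added example (not Supafolio's code; the handler name example_isbn_lookup, the script handle example-admin and the table example_books are hypothetical) shows them together in one unsafe handler and then the same endpoint hardened with the WordPress functions that address each one.

```php
<?php
/**
 * Added illustration, not Supafolio's code. Hypothetical names:
 * action example_isbn_lookup, script handle example-admin, table example_books.
 */

// --- BEFORE: the pattern the scanner flags --------------------------------
// Registered for logged-in users AND anonymous visitors, no nonce or
// capability check, an unprepared LIKE query, unescaped HTML output.
add_action( 'wp_ajax_example_isbn_lookup',        'example_isbn_lookup_unsafe' );
add_action( 'wp_ajax_nopriv_example_isbn_lookup', 'example_isbn_lookup_unsafe' );

function example_isbn_lookup_unsafe() {
    global $wpdb;
    $isbn = $_REQUEST['isbn'];                                   // raw user input
    $rows = $wpdb->get_results(
        "SELECT title FROM {$wpdb->prefix}example_books WHERE isbn LIKE '%$isbn%'" // SQL injection
    );
    foreach ( $rows as $row ) {
        echo '<li>' . $row->title . '</li>';                     // XSS if title is attacker-controlled
    }
    wp_die();
}

// --- AFTER: the same endpoint hardened ------------------------------------
// 1. Logged-in users only: no wp_ajax_nopriv_ registration at all.
add_action( 'wp_ajax_example_isbn_lookup', 'example_isbn_lookup_safe' );

// 2. Hand the admin page's script (assumed already enqueued as example-admin)
//    a nonce so legitimate requests can prove they came from this site's UI.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_isbn_lookup' ),
    ) );
} );

function example_isbn_lookup_safe() {
    global $wpdb;

    // 3. CSRF: invalid or missing nonce -> WordPress replies 403 and exits.
    check_ajax_referer( 'example_isbn_lookup', 'nonce' );

    // 4. Authorization: a nonce proves origin, not privilege; a subscriber
    //    with a valid nonce must still be refused.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 5. Input: unslash, sanitize, then constrain to what an ISBN can contain.
    $isbn = isset( $_POST['isbn'] ) ? sanitize_text_field( wp_unslash( $_POST['isbn'] ) ) : '';
    if ( ! preg_match( '/^[0-9X-]{10,17}$/', $isbn ) ) {
        wp_send_json_error( array( 'message' => 'bad isbn' ), 400 );
    }

    // 6. SQL: placeholder for the value, LIKE wildcards escaped separately.
    $like = '%' . $wpdb->esc_like( $isbn ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT title FROM {$wpdb->prefix}example_books WHERE isbn LIKE %s",
            $like
        )
    );

    // 7. Output: JSON rather than hand-built HTML (wp_send_json_* encodes and
    //    exits), with values escaped because the client will render them.
    $titles = array_map( static function ( $row ) {
        return esc_html( $row->title );
    }, $rows );
    wp_send_json_success( $titles );
}
```

The nonce and the capability check are not interchangeable: check_ajax_referer() only stops cross-site request forgery, and current_user_can() only stops low-privilege accounts, so a handler that performs a privileged action needs both. Read-only lookups that genuinely must serve anonymous visitors can keep a wp_ajax_nopriv_ hook, but they should then return only public data and still prepare their queries and escape their output.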
Vulnerabilities
None known

Supafolio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Supafolio Code Analysis

Dangerous Functions: 0
SQL Queries: 3 (2 raw, 1 prepared)
Output Statements: 424 (348 unescaped, 76 escaped)
Nonce Checks: 4
Capability Checks: 3
File Operations: 5
External Requests: 1
Bundled Libraries: 2

Bundled Libraries

Select2, Guzzle 1.1

SQL Query Safety

33% prepared (1 of 3 queries)

Output Escaping

18% escaped (76 of 424 output statements)
Data Flows
3 unsanitized

Data Flow Analysis

4 flows, 3 with unsanitized paths

search_box (admin\includes\widget-list-table.php:186)
Attack Surface
11 unprotected

Supafolio Attack Surface

Entry points: 12 (11 AJAX handlers, 1 shortcode)
Unprotected: 11

AJAX Handlers 11

access   hook                                   registered at
auth     wp_ajax_supapress_predictive           admin\admin.php:401
nopriv   wp_ajax_supapress_predictive           admin\admin.php:402
auth     wp_ajax_supapress_cache_clear          admin\admin.php:403
auth     wp_ajax_supapress_bulk_isbn_lookup     admin\admin.php:404
auth     wp_ajax_supapress_get_module_list      admin\admin.php:405
auth     wp_ajax_supapress_isbn_lookup          admin\admin.php:419
nopriv   wp_ajax_supapress_isbn_lookup          admin\admin.php:420
auth     wp_ajax_supapress_collections          admin\admin.php:433
nopriv   wp_ajax_supapress_collections          admin\admin.php:434
auth     wp_ajax_supapress_filters              admin\admin.php:445
nopriv   wp_ajax_supapress_filters              admin\admin.php:446

"auth" rows are registered on wp_ajax_{action} and run for any logged-in user, whatever their role; "nopriv" rows are the same actions registered on wp_ajax_nopriv_{action}, which WordPress dispatches for requests with no login at all. The scanner found none of the 11 registrations protected by a nonce or capability check; the 4 nonce checks and 3 capability checks counted elsewhere in the code analysis were not matched to these handlers.
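Reproducing the table above on your own copy of the plugin, or on any other plugin, takes a short static check: find every add_action('wp_ajax_...') registration, resolve the callback, and look inside it for a nonce or capability call. The script below is an added example, not the scanner's code and not part of Supafolio. It runs on the constructed sample source embedded in it when called with no argument, or over a plugin directory passed as the first argument; it recognises only plain function-name callbacks in single-quoted strings and has no real PHP parser, so anything it cannot resolve is flagged for manual review rather than reported as safe.

```php
<?php
/**
 * Added example, not Supafolio's code and not the page's scanner.
 * Usage: php ajax-audit.php /path/to/wp-content/plugins/supapress
 * With no argument it audits the constructed sample below.
 */

// Constructed sample (not taken from the plugin) in the add_action style
// seen at admin\admin.php:401-446.
const SAMPLE_SOURCE = <<<'PHP'
add_action( 'wp_ajax_demo_lookup',        'demo_lookup' );
add_action( 'wp_ajax_nopriv_demo_lookup', 'demo_lookup' );
add_action( 'wp_ajax_demo_cache_clear',   'demo_cache_clear' );
function demo_lookup() { echo $_GET['q']; wp_die(); }
function demo_cache_clear() {
    check_ajax_referer( 'demo', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) { wp_die( '', '', 403 ); }
    delete_transient( 'demo_cache' );
    wp_die();
}
PHP;

function load_sources( ?string $dir ): array {
    if ( $dir === null ) {
        return array( 'sample.php' => SAMPLE_SOURCE );
    }
    $out = array();
    $it  = new RecursiveIteratorIterator( new RecursiveDirectoryIterator( $dir ) );
    foreach ( $it as $file ) {
        if ( $file->isFile() && $file->getExtension() === 'php' ) {
            $out[ $file->getPathname() ] = file_get_contents( $file->getPathname() );
        }
    }
    return $out;
}

// Map function name -> body text by brace matching. Plain functions without
// return-type declarations only; methods and closures are not resolved.
function function_bodies( string $code ): array {
    $bodies = array();
    if ( preg_match_all( '/function\s+(\w+)\s*\([^)]*\)\s*\{/', $code, $m, PREG_OFFSET_CAPTURE ) ) {
        foreach ( $m[1] as $i => $name ) {
            $start = $m[0][ $i ][1] + strlen( $m[0][ $i ][0] );
            $depth = 1;
            $pos   = $start;
            while ( $depth > 0 && $pos < strlen( $code ) ) {
                $ch = $code[ $pos++ ];
                if ( $ch === '{' ) { $depth++; } elseif ( $ch === '}' ) { $depth--; }
            }
            $bodies[ $name[0] ] = substr( $code, $start, $pos - $start );
        }
    }
    return $bodies;
}

function audit( array $sources ): array {
    $all_bodies = array();
    foreach ( $sources as $code ) {
        $all_bodies += function_bodies( $code );
    }
    $findings = array();
    foreach ( $sources as $path => $code ) {
        preg_match_all( "/add_action\(\s*'wp_ajax_(nopriv_)?(\w+)'\s*,\s*'(\w+)'/", $code, $m, PREG_SET_ORDER );
        foreach ( $m as $hit ) {
            $body = $all_bodies[ $hit[3] ] ?? '';
            $findings[] = array(
                'file'     => basename( $path ),
                'access'   => $hit[1] !== '' ? 'nopriv' : 'auth',
                'action'   => $hit[2],
                'callback' => $hit[3],
                // A nonce check is evidence against CSRF, a capability check
                // against privilege abuse; a handler needs both to be "protected".
                'nonce'    => (bool) preg_match( '/check_ajax_referer|check_admin_referer|wp_verify_nonce/', $body ),
                'cap'      => (bool) preg_match( '/current_user_can\(|user_can\(/', $body ),
                'resolved' => $body !== '',
            );
        }
    }
    return $findings;
}

$findings = audit( load_sources( $argv[1] ?? null ) );
printf( "%-7s %-22s %-18s %-6s %-4s\n", 'access', 'action', 'callback', 'nonce', 'cap' );
foreach ( $findings as $f ) {
    printf( "%-7s %-22s %-18s %-6s %-4s%s\n",
        $f['access'], $f['action'], $f['callback'],
        $f['nonce'] ? 'yes' : 'NO', $f['cap'] ? 'yes' : 'NO',
        $f['resolved'] ? '' : '  (callback not resolved: method or closure, check by hand)' );
}
```

On the embedded sample the report lists demo_lookup twice (auth and nopriv, both NO/NO) and demo_cache_clear once (yes/yes). A "NO" in either column is a lead, not a verdict: the check may live in a helper the handler calls, or the handler may be harmless read-only code, so confirm each row by reading the callback before filing anything.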

Shortcodes 1

[supapress] includes\controller.php:13
WordPress Hooks 28

type     hook                          file:line
action   admin_menu                    admin\admin.php:13
action   admin_init                    admin\admin.php:15
action   supapress_admin_notices       admin\admin.php:17
filter   set-screen-option             admin\admin.php:32
action   admin_enqueue_scripts         admin\admin.php:44
filter   screen_options_show_screen    admin\admin.php:61
action   admin_enqueue_scripts         admin\admin.php:89
filter   parse_query                   admin\admin.php:323
action   edit_form_after_editor        admin\admin.php:485
action   plugins_loaded                includes\controller.php:10
action   wp_enqueue_scripts            includes\controller.php:59
filter   rewrite_rules_array           includes\controller.php:76
filter   query_vars                    includes\controller.php:77
action   wp_loaded                     includes\controller.php:78
action   get_header                    includes\functions.php:839
filter   wpseo_opengraph_url           includes\functions.php:943
filter   wpseo_title                   includes\functions.php:944
filter   wpseo_twitter_title           includes\functions.php:945
filter   wpseo_opengraph_title         includes\functions.php:946
filter   wpseo_metadesc                includes\functions.php:947
filter   wpseo_opengraph_desc          includes\functions.php:948
filter   wpseo_canonical               includes\functions.php:949
filter   wpseo_opengraph_image         includes\functions.php:950
filter   wpseo_twitter_image           includes\functions.php:951
action   init                          settings.php:17
action   plugins_loaded                settings.php:58
action   widgets_init                  widgets.php:5
action   admin_enqueue_scripts         widgets.php:7
Maintenance & Trust

Supafolio Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.0
Last updated: Jan 8, 2026
PHP min version: not stated
Downloads: 19K

Community Trust

Rating: 0/100 (0 ratings)
Active installs: 100
Developer Profile

Supafolio Developer Profile

david.kane

1 plugin · 100 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Supafolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/supapress/admin/css/admin-overrides.min.css
/wp-content/plugins/supapress/admin/css/select2.min.css
/wp-content/plugins/supapress/admin/js/select2.min.js
/wp-content/plugins/supapress/admin/js/add-shortcode.min.js
/wp-content/plugins/supapress/admin/css/add-shortcode.min.css
/wp-content/plugins/supapress/admin/css/jquery.asmselect.css
/wp-content/plugins/supapress/admin/css/styles.min.css
/wp-content/plugins/supapress/admin/js/svg4everybody.min.js
+4 more
Script Paths
/wp-content/plugins/supapress/admin/js/select2.min.js
/wp-content/plugins/supapress/admin/js/add-shortcode.min.js
/wp-content/plugins/supapress/admin/js/svg4everybody.min.js
/wp-content/plugins/supapress/admin/js/jquery.placeholder.min.js
/wp-content/plugins/supapress/admin/js/jquery.asmselect.js
/wp-content/plugins/supapress/admin/js/scripts.min.js
+1 more
Version Parameters (enqueued script/style handles)
supapress-admin-overrides, supapress-admin-select2, supapress-admin-select2, supapress-admin-add-shortcode, supapress-admin-add-shortcode, supapress-admin-asm, supapress-admin, supapress-admin-svg4everybody, supapress-admin-placeholder, supapress-admin-asm, supapress-admin, widget

HTML / DOM Fingerprints

CSS Classes
supapress, supafolio
HTML Comments
This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 of the License. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Data Attributes
data-supapress-setting-id
JS Globals
SUPAPRESS_VERSION, SUPAPRESS_SITE_URL, SUPAPRESS_PLUGIN_BASENAME, SUPAPRESS_PLUGIN_DIR, SUPAPRESS_PLUGIN_URL, SUPAPRESS_DEFAULT_SERVICE_URL, +21 more
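Applying the fingerprint families above to a page is a matter of a few regular expressions. The function below is an added example, not the scanner's detection code: it runs over a constructed HTML snippet (not captured from a real site) and reports which families matched and any version hint found in the ?ver= query string WordPress appends to enqueued assets.

```php
<?php
// Added example, not the scanner's code. The HTML is constructed for the
// demonstration and the host example.test is hypothetical.
const SAMPLE_HTML = <<<'HTML'
<link rel="stylesheet" id="supapress-admin-select2-css"
      href="https://example.test/wp-content/plugins/supapress/admin/css/select2.min.css?ver=2.27.0">
<script src="https://example.test/wp-content/plugins/supapress/admin/js/scripts.min.js?ver=2.27.0"></script>
<script>var SUPAPRESS_VERSION = "2.27.0";</script>
<div class="supapress" data-supapress-setting-id="42"></div>
HTML;

function fingerprint_supapress( string $html ): array {
    $result = array( 'detected' => false, 'versions' => array(), 'evidence' => array() );

    // 1. Asset paths under the plugin directory, capturing any ?ver= hint.
    if ( preg_match_all( '#/wp-content/plugins/supapress/[^\s"\'?]+(?:\?ver=([\w.\-]+))?#', $html, $m ) ) {
        $result['evidence']['asset_paths'] = count( $m[0] );
        foreach ( array_filter( $m[1] ) as $v ) {
            $result['versions'][ $v ] = true;
        }
    }
    // 2. Handle ids WordPress emits for enqueued styles ({handle}-css) and scripts ({handle}-js).
    if ( preg_match_all( '/id="(supapress-[\w\-]+)-(?:css|js)"/', $html, $m ) ) {
        $result['evidence']['handles'] = array_values( array_unique( $m[1] ) );
    }
    // 3. Inline JS globals.
    if ( preg_match_all( '/\bSUPAPRESS_[A-Z_]+\b/', $html, $m ) ) {
        $result['evidence']['js_globals'] = array_values( array_unique( $m[0] ) );
    }
    // 4. DOM markers: the data attribute and the CSS classes listed on this page.
    if ( preg_match( '/data-supapress-setting-id=|class="[^"]*\b(?:supapress|supafolio)\b/', $html ) ) {
        $result['evidence']['dom_markers'] = true;
    }

    $result['detected'] = ! empty( $result['evidence'] );
    $result['versions'] = array_keys( $result['versions'] );
    return $result;
}

print_r( fingerprint_supapress( SAMPLE_HTML ) );
```

Treat the ?ver= value as a hint only: a plugin may pass the WordPress version, a file hash or nothing at all to wp_enqueue_script(), and caching or minification plugins rewrite asset URLs. The admin-side assets listed under Asset Paths are only visible to logged-in users, so on an anonymous crawl the front-end markers (the [supapress] shortcode output, the supapress/supafolio classes and the SUPAPRESS_* globals) are the reliable signals.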
FAQ

Frequently Asked Questions about Supafolio