WP-Safety

Supafolio Security & Risk Analysis

wordpress.org/plugins/supapress

Quickly and easily connect your book metadata (ONIX) to your WordPress site.

100 active installs v2.28.2 PHP + WP 6.0+ Updated Apr 9, 2026
booksfoliopublisherssupadu
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Supafolio Safe to Use in 2026?

Generally Safe

Score 100/100

Supafolio has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The Supapress plugin, version 2.27.0, exhibits a mixed security posture. While it has no recorded historical vulnerabilities and no critical issues in taint analysis, significant concerns arise from its attack surface. A large number of AJAX handlers (11 out of 11) lack proper authentication checks, presenting a substantial risk of unauthorized actions. The code analysis also reveals issues with output escaping, with only 18% of outputs being properly escaped, increasing the potential for cross-site scripting (XSS) vulnerabilities. The presence of bundled libraries like Select2 and Guzzle v1.1, while not explicitly flagged as outdated, warrants caution as outdated dependencies can introduce known vulnerabilities. Despite a lack of historical CVEs suggesting a proactive approach to security or a low profile, the current static analysis points to immediate risks that need to be addressed, particularly the unprotected AJAX endpoints and widespread output escaping deficiencies.

Key Concerns

  • AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • SQL queries not always prepared
  • Bundled outdated library (Guzzle v1.1)
Vulnerabilities
None known

Supafolio Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Supafolio Release Timeline

v2.28.2Current
v2.28.1
v2.28.0
v2.27.0
v2.26.9
v2.26.8
v2.26.7
v2.26.6
v2.26.5
v2.26.4
v2.26.2
v2.26.1
v2.25.2
v2.25.1
v2.25.0
v2.24.9
v2.24.8
v2.24.7
v2.24.6
v2.24.5
Code Analysis
Analyzed Mar 16, 2026

Supafolio Code Analysis

Dangerous Functions
0
Raw SQL Queries
2
1 prepared
Unescaped Output
348
76 escaped
Nonce Checks
4
Capability Checks
3
File Operations
5
External Requests
1
Bundled Libraries
2

Bundled Libraries

Select2Guzzle1.1

SQL Query Safety

33% prepared3 total queries

Output Escaping

18% escaped424 total outputs
Data Flows · Security
3 unsanitized

Data Flow Analysis

4 flows3 with unsanitized paths
search_box (admin\includes\widget-list-table.php:186)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
11 unprotected

Supafolio Attack Surface

Entry Points12
Unprotected11

AJAX Handlers 11

authwp_ajax_supapress_predictiveadmin\admin.php:401
noprivwp_ajax_supapress_predictiveadmin\admin.php:402
authwp_ajax_supapress_cache_clearadmin\admin.php:403
authwp_ajax_supapress_bulk_isbn_lookupadmin\admin.php:404
authwp_ajax_supapress_get_module_listadmin\admin.php:405
authwp_ajax_supapress_isbn_lookupadmin\admin.php:419
noprivwp_ajax_supapress_isbn_lookupadmin\admin.php:420
authwp_ajax_supapress_collectionsadmin\admin.php:433
noprivwp_ajax_supapress_collectionsadmin\admin.php:434
authwp_ajax_supapress_filtersadmin\admin.php:445
noprivwp_ajax_supapress_filtersadmin\admin.php:446

Shortcodes 1

[supapress] includes\controller.php:13
WordPress Hooks 28
actionadmin_menuadmin\admin.php:13
actionadmin_initadmin\admin.php:15
actionsupapress_admin_noticesadmin\admin.php:17
filterset-screen-optionadmin\admin.php:32
actionadmin_enqueue_scriptsadmin\admin.php:44
filterscreen_options_show_screenadmin\admin.php:61
actionadmin_enqueue_scriptsadmin\admin.php:89
filterparse_queryadmin\admin.php:323
actionedit_form_after_editoradmin\admin.php:485
actionplugins_loadedincludes\controller.php:10
actionwp_enqueue_scriptsincludes\controller.php:59
filterrewrite_rules_arrayincludes\controller.php:76
filterquery_varsincludes\controller.php:77
actionwp_loadedincludes\controller.php:78
actionget_headerincludes\functions.php:839
filterwpseo_opengraph_urlincludes\functions.php:943
filterwpseo_titleincludes\functions.php:944
filterwpseo_twitter_titleincludes\functions.php:945
filterwpseo_opengraph_titleincludes\functions.php:946
filterwpseo_metadescincludes\functions.php:947
filterwpseo_opengraph_descincludes\functions.php:948
filterwpseo_canonicalincludes\functions.php:949
filterwpseo_opengraph_imageincludes\functions.php:950
filterwpseo_twitter_imageincludes\functions.php:951
actioninitsettings.php:17
actionplugins_loadedsettings.php:58
actionwidgets_initwidgets.php:5
actionadmin_enqueue_scriptswidgets.php:7
Maintenance & Trust

Supafolio Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 9, 2026
PHP min version
Downloads20K

Community Trust

Rating0/100
Number of ratings0
Active installs100
Alternatives

Supafolio Alternatives

Kitab

Kitab

kitab

A
92

Kitab - Books Management System for WordPress

0 No CVEs
WP Show Posts

WP Show Posts

wp-show-posts

B
84

Add posts to your website from any post type using a simple shortcode.

70K 3 CVEs
Visual Portfolio, Photo Gallery & Post Grid

Visual Portfolio, Photo Gallery & Post Grid

visual-portfolio

A
93

Powerful WordPress gallery plugin for stunning photo, video & album galleries with advanced layouts and flexible block editing.

60K 4 CVEs
Portfolio Post Type

Portfolio Post Type

portfolio-post-type

A
85

This plugin registers a custom post type for portfolio items. It also registers separate portfolio taxonomies for tags and categories.

50K No CVEs
Premium Portfolio Features for Phlox theme

Premium Portfolio Features for Phlox theme

auxin-portfolio

A
91

Showcase your projects beautifully in Phlox theme

40K 4 CVEs
Developer Profile

Supafolio Developer Profile

david.kane

1 plugin · 100 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Supafolio

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/supapress/admin/css/admin-overrides.min.css/wp-content/plugins/supapress/admin/css/select2.min.css/wp-content/plugins/supapress/admin/js/select2.min.js/wp-content/plugins/supapress/admin/js/add-shortcode.min.js/wp-content/plugins/supapress/admin/css/add-shortcode.min.css/wp-content/plugins/supapress/admin/css/jquery.asmselect.css/wp-content/plugins/supapress/admin/css/styles.min.css/wp-content/plugins/supapress/admin/js/svg4everybody.min.js+4 more
Script Paths
/wp-content/plugins/supapress/admin/js/select2.min.js/wp-content/plugins/supapress/admin/js/add-shortcode.min.js/wp-content/plugins/supapress/admin/js/svg4everybody.min.js/wp-content/plugins/supapress/admin/js/jquery.placeholder.min.js/wp-content/plugins/supapress/admin/js/jquery.asmselect.js/wp-content/plugins/supapress/admin/js/scripts.min.js+1 more
Version Parameters
supapress-admin-overridessupapress-admin-select2supapress-admin-select2supapress-admin-add-shortcodesupapress-admin-add-shortcodesupapress-admin-asmsupapress-adminsupapress-admin-svg4everybodysupapress-admin-placeholdersupapress-admin-asmsupapress-adminwidget

HTML / DOM Fingerprints

CSS Classes
supapresssupafolio
HTML Comments
This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; version 2 of the License. * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Data Attributes
data-supapress-setting-id
JS Globals
SUPAPRESS_VERSIONSUPAPRESS_SITE_URLSUPAPRESS_PLUGIN_BASENAMESUPAPRESS_PLUGIN_DIRSUPAPRESS_PLUGIN_URLSUPAPRESS_DEFAULT_SERVICE_URL+21 more
FAQ

Frequently Asked Questions about Supafolio