Does Surbma | Premium WP have any unpatched vulnerabilities?

No. All known vulnerabilities in Surbma | Premium WP have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Surbma | Premium WP compatible with WordPress 6.7.5?

According to WordPress.org data, Surbma | Premium WP 11.3 has been tested up to WordPress 6.7.5. Check the plugin's changelog for the latest compatibility information.

Is Surbma | Premium WP compatible with PHP 7.4+?

Surbma | Premium WP requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Surbma | Premium WP updated?

Surbma | Premium WP was last updated on Jul 30, 2025. Frequent updates are generally a positive security signal.

What is Surbma | Premium WP's security score?

Surbma | Premium WP has a WP-Safety security score of 99/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Surbma | Premium WP Security & Risk Analysis

wordpress.org/plugins/surbma-premium-wp

Useful extensions for your WordPress website.

60 active installs v11.3 PHP 7.4+ WP 5.2+ Updated Jul 30, 2025

facebookgooglegoogle-analyticsgoogle-tag-managershortcodes

A · Safe

CVEs total1

Unpatched0

Last CVEJan 7, 2025

Plugin page Download

Safety Verdict

Is Surbma | Premium WP Safe to Use in 2026?

Generally Safe

Score 99/100

Surbma | Premium WP has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Jan 7, 2025Updated 8mo ago

Risk Assessment

The plugin "surbma-premium-wp" version 11.3 exhibits a mixed security posture. The static analysis reveals a commendable lack of direct attack surface through AJAX handlers, REST API routes, shortcodes, or cron events that are exposed without authentication or proper checks. Furthermore, the code demonstrates good practices by using prepared statements for all SQL queries and a high percentage of output escaping. However, the complete absence of observed taint flows, while seemingly positive, could indicate that either the analysis tools were not fully effective in finding potential data flow issues or that the plugin's functionality does not involve complex data manipulation susceptible to such vulnerabilities. This lack of identified taint flows alongside zero capability checks is a notable observation. The plugin's vulnerability history includes one known CVE, which is now patched, indicating a past issue related to Cross-site Scripting. While it is currently unpatched, the fact that the only past vulnerability was addressed is a positive sign, but the presence of a past XSS vulnerability warrants continued vigilance.

Key Concerns

Past XSS vulnerability
No Nonce checks found
No Capability checks found
Limited output escaping (17% not escaped)

Vulnerabilities

Surbma | Premium WP Security Vulnerabilities

CVEs by Year

1 CVE in 2025

2025

Patched Has unpatched

Severity Breakdown

Medium

1 total CVE

CVE-2025-22808medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Surbma | Premium WP <= 9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Jan 7, 2025 Patched in 10.0 (8d)

Code Analysis

Analyzed Mar 16, 2026

Surbma | Premium WP Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

20 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

83% escaped24 total outputs

Attack Surface

Surbma | Premium WP Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadmin_initpages\extra-fields-page.php:175

actionadmin_initpages\google-analytics-page.php:50

actionadmin_initpages\google-tag-manager-page.php:50

actionadmin_initpages\social-page.php:172

actioninitsurbma-premium-wp.php:26

Maintenance & Trust

Surbma | Premium WP Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5

Last updatedJul 30, 2025

PHP min version7.4

Downloads6K

Community Trust

Rating60/100

Number of ratings1

Active installs60

Alternatives

Surbma | Premium WP Alternatives

GTM4WP – A Google Tag Manager (GTM) plugin for WordPress

duracelltomi-google-tag-manager

Advanced tag management for WordPress with Google Tag Manager

700K 3 CVEs

PixelYourSite – Your smart PIXEL (TAG) & API Manager

pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K 11 CVEs

Insert Headers And Footers

wp-headers-and-footers

Include inline javascript, stylesheets, CSS code or anything you want in Header and Footer areas of your WordPress with ease.

300K 1 CVE

VK All in One Expansion Unit

vk-all-in-one-expansion-unit

This plug-in is an integrated plug-in with a variety of features that make it powerful your web site.

100K 10 CVEs

Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing

woocommerce-google-adwords-conversion-tracking-tag

Conversion tracking for WooCommerce. Google Ads, GA4, Meta/Facebook Pixel, TikTok & more. Recover 30% more conversions with server-side tracking!

50K 4 CVEs

Developer Profile

Surbma | Premium WP Developer Profile

Surbma

27 plugins · 30K total installs

trust score

Avg Security Score

88/100

Avg Patch Time

127 days

View full developer profile

Detection Fingerprints

How We Detect Surbma | Premium WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/surbma-premium-wp/assets/css/surbma-premium-wp-frontend.css/wp-content/plugins/surbma-premium-wp/assets/js/surbma-premium-wp-frontend.js

Script Paths

/wp-content/plugins/surbma-premium-wp/assets/js/surbma-premium-wp-frontend.js

Version Parameters

surbma-premium-wp/assets/css/surbma-premium-wp-frontend.css?ver=surbma-premium-wp/assets/js/surbma-premium-wp-frontend.js?ver=

HTML / DOM Fingerprints

FAQ