Terms Dictionary Security & Risk Analysis

wordpress.org/plugins/terms-dictionary

Create a dictionary to your site in a couple of clicks.

100 active installs · v1.5.1 · Updated Apr 10, 2023
dictionary
Score: 64 · C · Use Caution
CVEs total: 1
Unpatched: 1
Last CVE: Feb 21, 2025
Safety Verdict

Is Terms Dictionary Safe to Use in 2026?

Use With Caution

Score 64/100

Terms Dictionary has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.

1 known CVE · 1 unpatched · Last CVE: Feb 21, 2025 · Updated 2yr ago
Risk Assessment

The "terms-dictionary" plugin version 1.5.1 exhibits a mixed security posture. While it boasts a small attack surface with only one shortcode as an entry point and no AJAX or REST API endpoints exposed without authentication, several critical weaknesses are present. The most significant concern is the complete lack of output escaping for all 13 detected output points. This makes the plugin highly susceptible to Cross-Site Scripting (XSS) vulnerabilities, as any user-supplied data displayed on the frontend could be manipulated to execute malicious scripts.

Furthermore, the plugin has a known vulnerability history, with one unpatched medium severity CVE related to XSS. This, combined with the static analysis findings of unsanitized paths in taint analysis, suggests a pattern of insecure input handling. The absence of nonce and capability checks on its limited entry points, coupled with the universal lack of output escaping, indicates a concerning disregard for fundamental web security practices. While the plugin uses prepared statements for its SQL queries, this is overshadowed by the severe output escaping and vulnerability history issues.

Key Concerns

  • Unpatched Medium CVE
  • All outputs unescaped
  • Unsanitized paths in taint analysis
  • No nonce checks
  • No capability checks
Vulnerabilities
1

Terms Dictionary Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched

Severity Breakdown

Medium: 1

1 total CVE

WF-54245c83-a0ae-454f-af80-25383b90948d-terms-dictionary · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Terms Dictionary <= 1.5.1 - Reflected Cross-Site Scripting

Feb 21, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Terms Dictionary Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 13 (0 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

0% escaped · 13 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

1 flow · 1 with unsanitized paths
<frontend> (frontend.php:0)
Attack Surface

Terms Dictionary Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[terms-dictionary] dictionary.php:205
WordPress Hooks: 12
action plugins_loaded dictionary.php:33
action init dictionary.php:75
filter post_updated_messages dictionary.php:96
filter manage_edit-dict-terms_columns dictionary.php:109
action manage_posts_custom_column dictionary.php:120
filter disable_months_dropdown dictionary.php:129
action admin_head dictionary.php:136
action admin_menu dictionary.php:144
filter dict-terms-letter_row_actions dictionary.php:153
filter image_size_names_choose dictionary.php:164
action post_updated dictionary.php:180
action wp_enqueue_scripts dictionary.php:187
Maintenance & Trust

Terms Dictionary Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Apr 10, 2023
PHP min version
Downloads: 4K

Community Trust

Rating: 90/100
Number of ratings: 4
Active installs: 100
Developer Profile

Terms Dictionary Developer Profile

Somonator

4 plugins · 190 total installs

Trust score: 80
Avg Security Score: 80/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Terms Dictionary

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/terms-dictionary/td-styles.css
Version Parameters
terms-dictionary/td-styles.css?ver=

HTML / DOM Fingerprints

Shortcode Output
<!-- Terms Dictionary plugin -->