Toocheke Companion Security & Risk Analysis

wordpress.org/plugins/toocheke-companion

Transform your WordPress theme into a platform for publishing your webcomics.

1K active installs · v1.207 · PHP + · WP 5.3+ · Updated Mar 7, 2026
comic · manga · webcomic · webtoon
99
A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 22, 2025
Safety Verdict

Is Toocheke Companion Safe to Use in 2026?

Generally Safe

Score 99/100

Toocheke Companion has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 22, 2025 · Updated 27d ago
Risk Assessment

The toocheke-companion plugin v1.209 exhibits a generally good security posture based on the static analysis. The absence of unprotected AJAX handlers, REST API routes, shortcodes, or cron events indicates a well-contained attack surface. Furthermore, the high percentage of properly escaped output (93%) and the presence of nonce and capability checks are strong indicators of secure coding practices. The code signals also show a reasonable approach to SQL queries, with 50% utilizing prepared statements.

However, the vulnerability history presents a significant concern. The presence of a known medium-severity CVE, even if currently patched, points to past vulnerabilities that required remediation. The last vulnerability was recorded in 2025 and was of the 'Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')' type, which is particularly noteworthy because XSS vulnerabilities can be introduced through seemingly minor oversights in input handling or output escaping. While the static analysis did not reveal any current taint flows or unsanitized paths, the historical pattern of XSS necessitates vigilance.

In conclusion, while the current static analysis paints a positive security picture with good practices in place, the plugin's past vulnerability to XSS, even if resolved, warrants a cautious approach. Continued monitoring and ensuring that any future updates maintain or improve upon the current level of output escaping and input validation are crucial.

Key Concerns

  • Past medium severity CVE for XSS
  • 50% of SQL queries not using prepared statements
Vulnerabilities
1

Toocheke Companion Security Vulnerabilities

CVEs by Year

1 CVE in 2025

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-23992 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Toocheke Companion <= 1.166 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 22, 2025 · Patched in 1.167 (27d)
Code Analysis
Analyzed Mar 16, 2026

Toocheke Companion Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (5 prepared)
Unescaped Output: 42 (579 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

50% prepared · 10 total queries

Output Escaping

93% escaped · 621 total outputs

Data Flows: All sanitized

Data Flow Analysis

2 flows
<content-chaptersnavigation> (templates\content-chaptersnavigation.php:0)
Attack Surface

Toocheke Companion Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 4
action enqueue_block_editor_assets (inc\toocheke-companion-blocks.php:49)
action init (inc\toocheke-companion-blocks.php:348)
filter month_link (inc\toocheke-companion-template-functions.php:267)
filter day_link (inc\toocheke-companion-template-functions.php:340)
Maintenance & Trust

Toocheke Companion Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 7, 2026
PHP min version
Downloads: 104K

Community Trust

Rating: 90/100
Number of ratings: 6
Active installs: 1K
Developer Profile

Toocheke Companion Developer Profile

toocheke

2 plugins · 2K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 27 days
Detection Fingerprints

How We Detect Toocheke Companion

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/toocheke-companion/build/index.js
/wp-content/plugins/toocheke-companion/build/index.css
Script Paths
/wp-content/plugins/toocheke-companion/build/index.js

HTML / DOM Fingerprints

JS Globals
window.Toocheke_Companion_Comic_Features
Shortcode Output
toocheke-companion/all-series-block
toocheke-companion/all-chapters-block
toocheke-companion/latest-chapters-block
toocheke-companion/first-comic-block